This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple vulnerabilities has been discovered and corrected in php :
PHP does not validate the configration directive soap.wsdl_cache_dir
before writing SOAP wsdl cache files to the filesystem. Thus an
attacker is able to write remote wsdl files to arbitrary locations
PHP allows the use of external entities while parsing SOAP wsdl files
which allows an attacker to read arbitrary files. If a web application
unserializes user-supplied data and tries to execute any method of it,
an attacker can send serialized SoapClient object initialized in
non-wsdl mode which will make PHP to parse automatically remote
XML-document specified in the location option parameter
The updated packages have been upgraded to the 5.3.22 version which is
not vulnerable to these issues.
Additionally, some packages which requires so has been rebuilt for
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true