openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:1137-1)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

The blowfish password hashing implementation did not properly handle
8-characters in passwords, which made it easier for attackers to crack
the hash (CVE-2011-2483). After this update existing hashes with id
'$2a$' for passwords that contain 8-bit characters will no longer be
compatible with newly generated hashes. Affected users will either
have to change their password to store a new hash or the id of the
existing hash has to be manually changed to '$2x$' in order to
activate a compat mode. Please see the description of the
CVE-2011-2483 glibc update for details.

File uploads could potentially overwrite files owned by the user
running php (CVE-2011-2202).

A long salt argument to the crypt function could cause a buffer
overflow (CVE-2011-3268)

See also :

Solution :

Update the affected apache2-mod_php5 packages.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : false

Family: SuSE Local Security Checks

Nessus Plugin ID: 75433 ()

Bugtraq ID:

CVE ID: CVE-2011-2202

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now