Mandrake Linux Security Advisory : php (MDKSA-2002:017)

High Nessus Plugin ID 13925


The remote Mandrake Linux host is missing one or more security updates.


Several flaws exist in various versions of PHP in the way it handles multipart/form-data POST requests, which are used for file uploads.
The php_mime_split() function could be used by an attacker to execute arbitrary code on the server. This affects both PHP4 and PHP3. The authors have fixed this in PHP 4.1.2 and provided patches for older versions of PHP.


Update the affected php, php-common and / or php-devel packages.

See Also

Plugin Details

Severity: High

ID: 13925

File Name: mandrake_MDKSA-2002-017.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2004/07/31

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:php, p-cpe:/a:mandriva:linux:php-common, p-cpe:/a:mandriva:linux:php-devel, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2, cpe:/o:mandrakesoft:mandrake_linux:8.0, cpe:/o:mandrakesoft:mandrake_linux:8.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2002/02/28

Exploitable With

Core Impact

Reference Information

CVE: CVE-2002-0081

MDKSA: 2002:017