Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks.
VPR Score: 6.7
Synopsis
The remote Debian host is missing a security-related update.
Description
Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2007-3806: The glob function allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter.
- CVE-2008-1384: Integer overflow allows context-dependent attackers to cause a denial of service and possibly have other impact via a printf format parameter with a large width specifier.
- CVE-2008-2050: Stack-based buffer overflow in the FastCGI SAPI.
- CVE-2008-2051: The escapeshellcmd API function could be attacked via incomplete multibyte chars.
Solution
Upgrade the php5 package.
For the stable distribution (etch), these problems have been fixed in version 5.2.0-8+etch11.