Test ID: | 1.3.6.1.4.1.25623.1.0.53395 |
Category: | Debian Local Security Checks |
Title: | Debian Security Advisory DSA 115-1 (php3, php4) |
Summary: | The remote host is missing an update to php3, php4 announced via advisory DSA 115-1. |
Description: | Summary: The remote host is missing an update to php3, php4 announced via advisory DSA 115-1.

Vulnerability Insight: Stefan Esser, who is also a member of the PHP team, found several flaws in the way PHP handles multipart/form-data POST requests (as described in RFC 1867), known as POST file uploads. Each of the flaws could allow an attacker to execute arbitrary code on the victim's system. For PHP3 the flaws consist of a broken boundary check and an arbitrary heap overflow. For PHP4 they consist of a broken boundary check and a heap off-by-one error.

For the stable release of Debian these problems are fixed in version 3.0.18-0potato1.1 of PHP3 and version 4.0.3pl1-0potato3 of PHP4. For the unstable and testing releases of Debian these problems are fixed in version 3.0.18-22 of PHP3 and version 4.1.2-1 of PHP4. There is no PHP4 in the stable and unstable distributions for the arm architecture due to a compiler error.

Solution: We recommend that you upgrade your php packages immediately.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2002-0081
BugTraq ID: 4183 http://www.securityfocus.com/bid/4183
Bugtraq: 20020227 Advisory 012002: PHP remote vulnerabilities http://marc.info/?l=bugtraq&m=101484705523351&w=2
Bugtraq: 20020228 TSLSA-2002-0033 - mod_php http://marc.info/?l=bugtraq&m=101497256024338&w=2
Bugtraq: 20020304 Apache+php Proof of Concept Exploit http://marc.info/?l=bugtraq&m=101537076619812&w=2
CERT/CC advisory: CA-2002-05 http://www.cert.org/advisories/CA-2002-05.html
CERT/CC vulnerability note: VU#297363 http://www.kb.cert.org/vuls/id/297363
Conectiva Linux advisory: CLA-2002:468 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000468
Debian Security Information: DSA-115 http://www.debian.org/security/2002/dsa-115
En Garde Linux Advisory: ESA-20020301-006 http://www.linuxsecurity.com/advisories/other_advisory-1924.html
HPdes Security Advisory: HPSBTL0203-028 http://online.securityfocus.com/advisories/3911
Mandrake advisory: MDKSA-2002-017 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-017.php
e-matters advisory 012002: http://security.e-matters.de/advisories/012002.html
NTBugtraq: http://marc.info/?l=ntbugtraq&m=101484975231922&w=2
Red Hat errata: RHSA-2002-035 http://www.redhat.com/support/errata/RHSA-2002-035.html
Red Hat errata: RHSA-2002-040 http://www.redhat.com/support/errata/RHSA-2002-040.html
SuSE Security Announcement: SuSE-SA:2002:007 http://www.novell.com/linux/security/advisories/2002_007_mod_php4_txt.html
vuln-dev: http://marc.info/?l=vuln-dev&m=101468694824998&w=2
ISS X-Force: http://www.iss.net/security_center/static/8281.php |
Copyright | Copyright (C) 2008 E-Soft Inc. |