author: Neil McGovern <neilm@debian.org> 2005-09-09 22:53:14 +0000
committer: Neil McGovern <neilm@debian.org> 2005-09-09 22:53:14 +0000
commit: 526dd954b3d2888243a87c627544f70e5847a475
tree: 50f0f7c2e58f571a73cf374d1b1bf68f14a96761 /data/DTSA/advs
parent: 8462318cc3e9bc5d4f9b2deff19c446f9293da89
PHP .adv
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@1890 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/DTSA/advs')
-rw-r--r-- data/DTSA/advs/16-php4.adv 35
1 files changed, 35 insertions, 0 deletions
diff --git a/data/DTSA/advs/16-php4.adv b/data/DTSA/advs/16-php4.adv
new file mode 100644
index 0000000000..2b6d31ff99
--- /dev/null
+++ b/data/DTSA/advs/16-php4.adv
@@ -0,0 +1,35 @@
+source: php4
+date: September 10th, 2005
+author: Neil McGovern
+vuln-type: several vulnerabilities
+problem-scope: remote/local
+debian-specifc: no
+cve: CAN-2005-1751 CAN-2005-1921 CAN-2005-2498
+vendor-advisory:
+testing-fix: 4.3.10-16etch1
+sid-fix: 4.4.0-2
+upgrade: apt-get upgrade
+
+Several security related problems have been found in PHP4, the
+server-side, HTML-embedded scripting language. The Common
+Vulnerabilities and Exposures project identifies the following
+problems:
+
+CAN-2005-1751
+
+ Eric Romang discovered insecure temporary files in the shtool
+ utility shipped with PHP that can exploited by a local attacker to
+ overwrite arbitrary files. Only this vulnerability affects
+ packages in oldstable.
+
+CAN-2005-1921
+
+ GulfTech has discovered that PEAR XML_RPC is vulnerable to a
+ remote PHP code execution vulnerability that may allow an attacker
+ to compromise a vulnerable server.
+
+CAN-2005-2498
+
+ Stefan Esser discovered another vulnerability in the XML-RPC
+ libraries that allows injection of arbitrary PHP code into eval()
+ statements.
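Review bot: The header key `debian-specifc` (sixth header line) is missing an "i"; if the tooling that reads .adv files looks for `debian-specific`, this field will be silently skipped, so confirm the spelling against the other advisories in data/DTSA/advs. In the CAN-2005-1751 paragraph, "that can exploited" should read "that can be exploited", and the sentence "Only this vulnerability affects packages in oldstable" refers to a suite the header does not cover (only `testing-fix` and `sid-fix` are given), so it should be dropped or reworded for testing users. `vendor-advisory:` is left empty; either fill it in or state that there is none, so readers can tell the omission is deliberate.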
