source: php4
date: September 10th, 2005
author: Neil McGovern
vuln-type: several vulnerabilities
problem-scope: remote/local
debian-specifc: no
cve: CVE-2005-1751 CVE-2005-1921 CVE-2005-2498
vendor-advisory:
testing-fix: 4.3.10-16etch1
sid-fix: 4.4.0-2
upgrade: apt-get upgrade
Several security-related problems have been found in PHP4, the
server-side, HTML-embedded scripting language. The Common
Vulnerabilities and Exposures project identifies the following
problems:
CVE-2005-1751
Eric Romang discovered insecure temporary files in the shtool
utility shipped with PHP that can be exploited by a local attacker to
overwrite arbitrary files. Only this vulnerability affects
packages in oldstable.
CVE-2005-1921
GulfTech has discovered that PEAR XML_RPC is vulnerable to a
remote PHP code execution vulnerability that may allow an attacker
to compromise a vulnerable server.
CVE-2005-2498
Stefan Esser discovered another vulnerability in the XML-RPC
libraries that allows injection of arbitrary PHP code into eval()
statements.