Detections
Analytics

openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-2238)

high Nessus Plugin ID 27148

Synopsis

The remote openSUSE host is missing a security update.

Description

This update fixes the following security problems in the PHP scripting language :

 - CVE-2006-5465: Various buffer overflows in htmlentities/htmlspecialchars internal routines could be used to crash the PHP interpreter or potentially execute code, depending on the PHP application used.

 - A missing open_basedir check inside chdir() function was added.

 - A tempnam() openbasedir bypass was fixed.

 - A possible buffer overflow in stream_socket_client() when using 'bindto' + IPv6 was fixed.

 - Do not build php5 with --enable-sigchld.

Solution

Update the affected apache2-mod_php5 packages.

Plugin Details

Severity: High

ID: 27148

File Name: suse_apache2-mod_php5-2238.nasl

Version: 1.13

Type: local

Agent: unix

Published: 10/17/2007

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:php5, p-cpe:/a:novell:opensuse:php5-wddx, p-cpe:/a:novell:opensuse:php5-fastcgi, p-cpe:/a:novell:opensuse:php5-gd, p-cpe:/a:novell:opensuse:php5-dba, p-cpe:/a:novell:opensuse:php5-exif, p-cpe:/a:novell:opensuse:php5-bcmath, p-cpe:/a:novell:opensuse:php5-ftp, p-cpe:/a:novell:opensuse:php5-pear, p-cpe:/a:novell:opensuse:php5-mysql, p-cpe:/a:novell:opensuse:php5-xmlrpc, p-cpe:/a:novell:opensuse:php5-pdo, p-cpe:/a:novell:opensuse:php5-pgsql, cpe:/o:novell:opensuse:10.1, p-cpe:/a:novell:opensuse:php5-imap, p-cpe:/a:novell:opensuse:php5-curl, p-cpe:/a:novell:opensuse:php5-mbstring, p-cpe:/a:novell:opensuse:php5-soap, p-cpe:/a:novell:opensuse:php5-iconv, p-cpe:/a:novell:opensuse:php5-mysqli, p-cpe:/a:novell:opensuse:php5-devel, p-cpe:/a:novell:opensuse:apache2-mod_php5, p-cpe:/a:novell:opensuse:php5-ldap, p-cpe:/a:novell:opensuse:php5-dom

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 11/7/2006

Reference Information

CVE: CVE-2006-5465