Detections
Analytics
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3980)
medium Nessus Plugin ID 29379
Synopsis
The remote SuSE 10 host is missing a security-related patch.Description
This update fixes multiple bugs in php :- predictable generaton of an initialization vector (IV) in the mcrypt extension
- additional cookie attributes could be injected via a session id
- specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based applications
- insufficient validation of parmeters in the substr_count function
- predictable generaton of an initialization vector (IV) in the soap extension
CVE-2007-2727 / CVE-2007-2748 / CVE-2007-2728 / CVE-2007-3472 / CVE-2007-3475 / CVE-2007-3476 / CVE-2007-3477 / CVE-2007-3478 / CVE-2007-3799
Solution
Apply ZYPP patch number 3980.See Also
http://support.novell.com/security/cve/CVE-2007-2727.html
http://support.novell.com/security/cve/CVE-2007-2728.html
http://support.novell.com/security/cve/CVE-2007-2748.html
http://support.novell.com/security/cve/CVE-2007-3472.html
http://support.novell.com/security/cve/CVE-2007-3475.html
http://support.novell.com/security/cve/CVE-2007-3476.html
http://support.novell.com/security/cve/CVE-2007-3477.html
Plugin Details
Severity: Medium
ID: 29379
File Name: suse_apache2-mod_php5-3980.nasl
Version: 1.17
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 12/13/2007
Updated: 1/14/2021
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: cpe:/o:suse:suse_linux
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Patch Publication Date: 7/30/2007
Reference Information
CVE: CVE-2007-2727, CVE-2007-2728, CVE-2007-2748, CVE-2007-3472, CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2007-3478, CVE-2007-3799