Lucene search

K
openvasCopyright (C) 2012 E-Soft Inc.OPENVAS:136141256231070721
HistoryFeb 12, 2012 - 12:00 a.m.

Debian Security Advisory DSA 2403-1 (php5)

2012-02-1200:00:00
Copyright (C) 2012 E-Soft Inc.
plugins.openvas.org
18
debian
security advisory
dsa 2403-1
php
remote code execution
upgrade

AI Score

8.8

Confidence

High

EPSS

0.888

Percentile

98.8%

The remote host is missing an update to php5 announced via advisory DSA 2403-1.

This VT has been merged into the VT

# SPDX-FileCopyrightText: 2012 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.70721");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_cve_id("CVE-2012-0830");
  script_version("2023-06-29T08:15:14+0000");
  script_tag(name:"last_modification", value:"2023-06-29 08:15:14 +0000 (Thu, 29 Jun 2023)");
  script_tag(name:"creation_date", value:"2012-02-12 06:39:47 -0500 (Sun, 12 Feb 2012)");
  script_name("Debian Security Advisory DSA 2403-1 (php5)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2012 E-Soft Inc.");
  script_family("Debian Local Security Checks");
  script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202403-1");
  script_tag(name:"insight", value:"Stefan Esser discovered that the implementation of the max_input_vars
configuration variable in a recent PHP security update was flawed such
that it allows remote attackers to crash PHP or potentially execute
code.

For the oldstable distribution (lenny), no fix is available at this time.

For the stable distribution (squeeze), this problem has been fixed in
version 5.3.3-7+squeeze7.

The testing distribution (wheezy) and unstable distribution (sid)
will be fixed soon.");

  script_tag(name:"solution", value:"We recommend that you upgrade your php5 packages.");
  script_tag(name:"summary", value:"The remote host is missing an update to php5 announced via advisory DSA 2403-1.

This VT has been merged into the VT 'Debian: Security Advisory (DSA-2403)' (OID: 1.3.6.1.4.1.25623.1.0.70725).");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  script_tag(name:"deprecated", value:TRUE);

  exit(0);
}

exit(66);