Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.55106
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2005:748
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2005:748.

A bug was discovered in the PEAR XML-RPC Server package included in PHP. If
a PHP script is used which implements an XML-RPC Server using the PEAR
XML-RPC package, then it is possible for a remote attacker to construct an
XML-RPC request which can cause PHP to execute arbitrary PHP commands as
the 'apache' user. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-2498 to this issue.

When using the default SELinux targeted policy on Red Hat Enterprise
Linux 4, the impact of this issue is reduced since the scripts executed by
PHP are constrained within the httpd_sys_script_t security context.

Users of PHP should upgrade to these updated packages, which contain
backported fixes for these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-748.html

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref: BugTraq ID: 14560
Common Vulnerability Exposure (CVE) ID: CVE-2005-2498
http://www.securityfocus.com/bid/14560
Bugtraq: 20050815 Advisory 15/2005: PHPXMLRPC Remote PHP Code Injection Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/408125
Bugtraq: 20050815 [DRUPAL-SA-2005-004] Drupal 4.6.3 / 4.5.5 fixes critical XML-RPC issue (Google Search)
http://marc.info/?l=bugtraq&m=112412415822890&w=2
Bugtraq: 20050817 [PHPADSNEW-SA-2005-001] phpAdsNew and phpPgAds 2.0.6 fix multiple vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=112431497300344&w=2
Debian Security Information: DSA-789 (Google Search)
http://www.debian.org/security/2005/dsa-789
Debian Security Information: DSA-798 (Google Search)
http://www.debian.org/security/2005/dsa-798
Debian Security Information: DSA-840 (Google Search)
http://www.debian.org/security/2005/dsa-840
Debian Security Information: DSA-842 (Google Search)
http://www.debian.org/security/2005/dsa-842
http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html
http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml
http://www.hardened-php.net/advisory_152005.67.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9569
http://www.redhat.com/support/errata/RHSA-2005-748.html
http://secunia.com/advisories/16431
http://secunia.com/advisories/16432
http://secunia.com/advisories/16441
http://secunia.com/advisories/16460
http://secunia.com/advisories/16465
http://secunia.com/advisories/16468
http://secunia.com/advisories/16469
http://secunia.com/advisories/16491
http://secunia.com/advisories/16550
http://secunia.com/advisories/16558
http://secunia.com/advisories/16563
http://secunia.com/advisories/16619
http://secunia.com/advisories/16635
http://secunia.com/advisories/16693
http://secunia.com/advisories/16976
http://secunia.com/advisories/17053
http://secunia.com/advisories/17066
http://secunia.com/advisories/17440
SuSE Security Announcement: SUSE-SA:2005:049 (Google Search)
http://www.novell.com/linux/security/advisories/2005_49_php.html
SuSE Security Announcement: SUSE-SA:2005:051 (Google Search)
http://marc.info/?l=bugtraq&m=112605112027335&w=2
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.