[php-maint] Bug#323366: SECURITY: XML::RPC remote code injections
(CAN-2005-2498)
Christian Hammers
ch at debian.org
Tue Aug 16 09:36:22 UTC 2005
Package: php4
Version: 4:4.3.10-15
Severity: grave
Tags: security
Hello
A security flaw in XML::RPC has become known. From the version numbers
it seems to affect Debian. (I did not check which distributions and packages
exactly though).
More information is available here:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
(not yet)
Advisory: PEAR XML_RPC Remote PHP Code Injection Vulnerability
Application: PEAR XML_RPC <= 1.3.3
Severity: A malformed XMLRPC request can result in execution
of arbitrary injected PHP code
References: http://www.hardened-php.net/advisory_142005.66.html
Advisory: PHPXMLRPC Remote PHP Code Injection Vulnerability
Application: PHPXMLRPC <= 1.1.1
Severity: A malformed XMLRPC request can result in execution
of arbitrary injected PHP code
References: http://www.hardened-php.net/advisory_152005.67.html
bye,
-christian-
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (9999, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-15) (ignored: LC_ALL set to de_DE at euro)
Versions of packages php4 depends on:
ii libapache-mod-php4 4:4.3.10-15 server-side, HTML-embedded scripti
ii php4-common 4:4.3.10-15 Common files for packages built fr
-- debconf information excluded
More information about the pkg-php-maint
mailing list