FreeBSD Ports: Php5-zip Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://www.php.net/releases/5_3_4.php http://www.php.net/releases/5_2_15.php http://securityreason.com/achievement_securityalert/90 http://www.vuxml.org/freebsd/2a41233d-10e7-11e0-becc-0022156e8794.html

Insight

The following packages are affected: php5-zip php52-zip CVE-2010-3709 The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.

Severity

Classification

CVE CVE-2010-3709

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

FreeBSD Ports: asterisk, asterisk-bristuff
FreeBSD Ports: apache+ssl
FreeBSD Ports: bind9
FreeBSD Ports: coppermine
FreeBSD Ports: bind9-sdb-ldap, bind9-sdb-postgresql

FreeBSD Ports: php5-zip

Take action and discover your vulnerabilities