Summary
The remote host is missing an update to php
announced via advisory MDVSA-2009:305.
Solution
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:305
Insight
Some vulnerabilities were discovered and corrected in php:
PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive (CVE-2009-4017).
The updated packages have been patched to correct these issues.
Affected: Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0
Severity
Classification
-
CVE CVE-2009-4017 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities