Ubuntu Update For Php5 Vulnerabilities USN-485-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-485-1

Solution

Please Install the Updated Packages.

Insight

It was discovered that the PHP xmlrpc extension did not correctly check heap memory allocation sizes. A remote attacker could send a specially crafted request to a PHP application using xmlrpc and execute arbitrary code as the Apache user. (CVE-2007-1864) Stefan Esser discovered a flaw in the random number initialization of the PHP SOAP extension. This could lead to remote attackers being able to predict certain elements of the authentication mechanism. (CVE-2007-2728)

Affected

php5 vulnerabilities on Ubuntu 6.06 LTS , Ubuntu 6.10 , Ubuntu 7.04

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-July/000558.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-1864, CVE-2007-2728

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Ubuntu Update for eglibc USN-2328-1
Ubuntu Update for erlang vulnerability USN-624-2
Ubuntu Update for dhcp vulnerability USN-531-1
Ubuntu Update for apt-listchanges vulnerability USN-572-1
Ubuntu Update for apache2 USN-1199-1

Ubuntu Update for php5 vulnerabilities USN-485-1

Take action and discover your vulnerabilities