FreeBSD Ports: Php5-zip Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://www.php.net/releases/5_3_4.php http://www.php.net/releases/5_2_15.php http://securityreason.com/achievement_securityalert/90 http://www.vuxml.org/freebsd/2a41233d-10e7-11e0-becc-0022156e8794.html

Insight

The following packages are affected: php5-zip php52-zip CVE-2010-3709 The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.

Severity

Classification

CVE CVE-2010-3709
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

FreeBSD Ports: bip
FreeBSD Ports: bitcoin
FreeBSD Ports: bugzilla
FreeBSD Ports: ap20-mod_pubcookie
django -- multiple vulnerabilities

FreeBSD Ports: php5-zip

Take action and discover your vulnerabilities