Author: slashlinux, Posted: Mon Jul 19, 2010 1:30 am
Post subject: Hello people!
I'm new here!
I have a home Debian Linux server with everything: Apache, Dovecot, DNS...
and I have scanned my server with Nessus!
And I get this:
Synopsis
The remote web server uses a version of PHP that is affected by
multiple flaws.
Description
According to its banner, the version of PHP installed on the remote
host is older than 5.2.12. Such versions may be affected by several
security issues :
- It is possible to bypass the 'safe_mode' configuration
setting using 'tempnam()'. (CVE-2009-3557)
- It is possible to bypass the 'open_basedir'
configuration setting using 'posix_mkfifo()'.
(CVE-2009-3558)
- Provided file uploading is enabled (it is by default),
an attacker can upload files using a POST request with
'multipart/form-data' content even if the target script
doesn't actually support file uploads per se. By
supplying a large number (15,000+) of files, he may be
able to cause the web server to stop responding while
it processes the file list. (CVE-2009-4017)
- Missing protection for '$_SESSION' from interrupt
corruption and improved 'session.save_path' check.
(CVE-2009-4143)
- Insufficient input string validation in the
'htmlspecialchars()' function. (CVE-2009-4142)