Executive Summary

Information
Name MDVSA-2009:188 First vendor Publication 2009-08-01
Vendor Mandriva Last vendor Modification 2009-08-01
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitability Sub Score NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Exploit Score 8.6 Authentication None Required

Detail

A vulnerability has been found and corrected in php4-eaccelerator:

encoder.php in eAccelerator allows remote attackers to execute arbitrary code by copying a local executable file to a location under the web root via the -o option, and then making a direct request to this file, related to upload of image files (CVE-2009-2353).

In addition to addressing the security issue, this update also provides php4-eaccelerator 0.9.5.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:188

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-94 Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration

Type Description Count
Application 8

OpenVAS Exploits

Date Description
2009-08-17 Name : Mandrake Security Advisory MDVSA-2009:188 (php4-eaccelerator)
File : nvt/mdksa_2009_188.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
56473 eAccelerator encoder.php File Copy Remote Command Execution

Nessus® Vulnerability Scanner

Date Description
2009-07-22 Name : The remote web server contains a PHP script that can allow execution of arbit...
File : eaccelerator_encoder_accessible.nasl - Type : ACT_ATTACK