Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.71931
Kategorie:Red Hat Local Security Checks
Titel:RedHat Security Advisory RHSA-2012:0568
Zusammenfassung:NOSUMMARY
Beschreibung:Description:
The remote host is missing updates announced in
advisory RHSA-2012:0568.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A flaw was found in the way the php-cgi executable processed command line
arguments when running in CGI mode. A remote attacker could send a
specially-crafted request to a PHP script that would result in the query
string being parsed by php-cgi as command line options and arguments. This
could lead to the disclosure of the script's source code or arbitrary code
execution with the privileges of the PHP interpreter. (CVE-2012-1823)

Red Hat is aware that a public exploit for this issue is available that
allows remote code execution in affected PHP CGI configurations. This flaw
does not affect the default configuration in Red Hat Enterprise Linux 5 and
6 using the PHP module for Apache httpd to handle PHP scripts.

All php users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2012-0568.html

Risk factor : High

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-1823
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
CERT/CC vulnerability note: VU#520827
http://www.kb.cert.org/vuls/id/520827
CERT/CC vulnerability note: VU#673343
http://www.kb.cert.org/vuls/id/673343
Debian Security Information: DSA-2465 (Google Search)
http://www.debian.org/security/2012/dsa-2465
HPdes Security Advisory: HPSBMU02786
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
HPdes Security Advisory: HPSBUX02791
http://marc.info/?l=bugtraq&m=134012830914727&w=2
HPdes Security Advisory: SSRT100856
HPdes Security Advisory: SSRT100877
http://www.mandriva.com/security/advisories?name=MDVSA-2012:068
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
RedHat Security Advisories: RHSA-2012:0546
http://rhn.redhat.com/errata/RHSA-2012-0546.html
RedHat Security Advisories: RHSA-2012:0547
http://rhn.redhat.com/errata/RHSA-2012-0547.html
RedHat Security Advisories: RHSA-2012:0568
http://rhn.redhat.com/errata/RHSA-2012-0568.html
RedHat Security Advisories: RHSA-2012:0569
http://rhn.redhat.com/errata/RHSA-2012-0569.html
RedHat Security Advisories: RHSA-2012:0570
http://rhn.redhat.com/errata/RHSA-2012-0570.html
http://www.securitytracker.com/id?1027022
http://secunia.com/advisories/49014
http://secunia.com/advisories/49065
http://secunia.com/advisories/49085
http://secunia.com/advisories/49087
SuSE Security Announcement: SUSE-SU-2012:0598 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html
SuSE Security Announcement: SUSE-SU-2012:0604 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html
SuSE Security Announcement: openSUSE-SU-2012:0590 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.