ID de Prueba:	1.3.6.1.4.1.25623.1.0.50551
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2004:068 (php)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to php announced via advisory MDKSA-2004:068. Stefan Esser discovered a remotely exploitable vulnerability in PHP where a remote attacker could trigger a memory_limit request termination in places where an interruption is unsafe. This could be used to execute arbitrary code. As well, Stefan Esser also found a vulnerability in the handling of allowed tags within PHP's strip_tags() function. This could lead to a number of XSS issues on sites that rely on strip_tags() however, this only seems to affect the Internet Explorer and Safari browsers. The updated packages have been patched to correct the problem and all users are encouraged to upgrade immediately. Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2004:068 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0594 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0595 http://security.e-matters.de/advisories/112004.html http://security.e-matters.de/advisories/122004.html Risk factor : High CVSS Score: 6.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0594 BugTraq ID: 10725 http://www.securityfocus.com/bid/10725 Bugtraq: 20040713 Advisory 11/2004: PHP memory_limit remote vulnerability (Google Search) http://marc.info/?l=bugtraq&m=108981780109154&w=2 Bugtraq: 20040714 TSSA-2004-013 - php (Google Search) http://marc.info/?l=bugtraq&m=108982983426031&w=2 Bugtraq: 20040722 [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php) (Google Search) http://marc.info/?l=bugtraq&m=109051444105182&w=2 Conectiva Linux advisory: CLA-2004:847 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847 Debian Security Information: DSA-531 (Google Search) http://www.debian.org/security/2004/dsa-531 Debian Security Information: DSA-669 (Google Search) http://www.debian.org/security/2005/dsa-669 http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023908.html http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml HPdes Security Advisory: SSRT4777 http://marc.info/?l=bugtraq&m=109181600614477&w=2 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10896 http://www.redhat.com/support/errata/RHSA-2004-392.html http://www.redhat.com/support/errata/RHSA-2004-395.html http://www.redhat.com/support/errata/RHSA-2004-405.html http://www.redhat.com/support/errata/RHSA-2005-816.html SuSE Security Announcement: SUSE-SA:2004:021 (Google Search) http://www.novell.com/linux/security/advisories/2004_21_php4.html http://www.trustix.org/errata/2004/0039/ XForce ISS Database: php-memorylimit-code-execution(16693) https://exchange.xforce.ibmcloud.com/vulnerabilities/16693 Common Vulnerability Exposure (CVE) ID: CVE-2004-0595 BugTraq ID: 10724 http://www.securityfocus.com/bid/10724 http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619 XForce ISS Database: php-strip-tag-bypass(16692) https://exchange.xforce.ibmcloud.com/vulnerabilities/16692
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.