ID de Prueba:	1.3.6.1.4.1.25623.1.0.50837
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2002:059 (php)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to php announced via advisory MDKSA-2002:059. A fifth parameter was added to PHP's mail() function in 4.0.5 that is not properly sanitized when the server is running in safe mode. This vulnerability would allow local users and, possibly, remote attackers to execute arbitrary commands using shell metacharacters. After upgrading to these packages, execute service httpd restart as root in order to close the hole immediately. Affected versions: 7.1, 7.2, 8.0, 8.1, Corporate Server 1.0.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2002:059 http://online.securityfocus.com/archive/1/194425 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1246 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 2954 Common Vulnerability Exposure (CVE) ID: CVE-2001-1246 http://www.securityfocus.com/bid/2954 Bugtraq: 20010630 php breaks safe mode (Google Search) http://online.securityfocus.com/archive/1/194425 http://www.redhat.com/support/errata/RHSA-2002-102.html http://www.redhat.com/support/errata/RHSA-2002-129.html http://www.redhat.com/support/errata/RHSA-2003-159.html http://www.iss.net/security_center/static/6787.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.