ID de Prueba:	1.3.6.1.4.1.25623.1.0.54329
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2005-192-01)
Resumen:	The remote host is missing an update for the 'PHP' package(s) announced via the SSA:2005-192-01 advisory.
Descripción:	Summary: The remote host is missing an update for the 'PHP' package(s) announced via the SSA:2005-192-01 advisory. Vulnerability Insight: New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue with the PEAR XML_RPC class that allows a remote attacker to run arbitrary PHP code. Sites that make use of this PHP library should upgrade to the new PHP package right away, or may instead upgrade the XML_RPC PEAR class with the following command: pear upgrade XML_RPC More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: [link moved to references] Here are the details from the Slackware 10.1 ChangeLog: +--------------------------+ patches/packages/php-4.3.11-i486-2.tgz: Upgraded PEAR XML_RPC class. This new PHP package fixes a PEAR XML_RPC vulnerability. Sites that use this PEAR class should upgrade to the new PHP package, or as a minimal fix may instead upgrade the XML_RPC PEAR class with the following command: pear upgrade XML_RPC (* Security fix *) +--------------------------+ Affected Software/OS: 'PHP' package(s) on Slackware 8.1, Slackware 9.0, Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1921 1015336 http://securitytracker.com/id?1015336 14088 http://www.securityfocus.com/bid/14088 15810 http://secunia.com/advisories/15810 15852 http://secunia.com/advisories/15852 15855 http://secunia.com/advisories/15855 15861 http://secunia.com/advisories/15861 15872 http://secunia.com/advisories/15872 15883 http://secunia.com/advisories/15883 15884 http://secunia.com/advisories/15884 15895 http://secunia.com/advisories/15895 15903 http://secunia.com/advisories/15903 15904 http://secunia.com/advisories/15904 15916 http://secunia.com/advisories/15916 15917 http://secunia.com/advisories/15917 15922 http://secunia.com/advisories/15922 15944 http://secunia.com/advisories/15944 15947 http://secunia.com/advisories/15947 15957 http://secunia.com/advisories/15957 16001 http://secunia.com/advisories/16001 16339 http://secunia.com/advisories/16339 16693 http://secunia.com/advisories/16693 17440 http://secunia.com/advisories/17440 17674 http://secunia.com/advisories/17674 18003 http://secunia.com/advisories/18003 20050629 Advisory 02/2005: Remote code execution in Serendipity http://marc.info/?l=bugtraq&m=112008638320145&w=2 20050629 [DRUPAL-SA-2005-003] Drupal 4.6.2 / 4.5.4 fixes critical XML-RPC issue http://marc.info/?l=bugtraq&m=112015336720867&w=2 ADV-2005-2827 http://www.vupen.com/english/advisories/2005/2827 DSA-745 http://www.debian.org/security/2005/dsa-745 DSA-746 http://www.debian.org/security/2005/dsa-746 DSA-747 http://www.debian.org/security/2005/dsa-747 DSA-789 http://www.debian.org/security/2005/dsa-789 GLSA-200507-01 http://security.gentoo.org/glsa/glsa-200507-01.xml GLSA-200507-06 http://security.gentoo.org/glsa/glsa-200507-06.xml GLSA-200507-07 http://security.gentoo.org/glsa/glsa-200507-07.xml HPSBTU02083 http://www.securityfocus.com/archive/1/419064/100/0/threaded MDKSA-2005:109 http://www.mandriva.com/security/advisories?name=MDKSA-2005:109 RHSA-2005:564 http://www.redhat.com/support/errata/RHSA-2005-564.html SSRT051069 SUSE-SA:2005:041 http://www.novell.com/linux/security/advisories/2005_41_php_pear.html SUSE-SA:2005:049 http://www.novell.com/linux/security/advisories/2005_49_php.html SUSE-SA:2005:051 http://marc.info/?l=bugtraq&m=112605112027335&w=2 SUSE-SR:2005:018 http://www.novell.com/linux/security/advisories/2005_18_sr.html http://pear.php.net/package/XML_RPC/download/1.3.1 http://sourceforge.net/project/showfiles.php?group_id=87163 http://sourceforge.net/project/shownotes.php?release_id=338803 http://www.ampache.org/announce/3_3_1_2.php http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt http://www.gulftech.org/?node=research&article_id=00087-07012005 http://www.hardened-php.net/advisory-022005.php oval:org.mitre.oval:def:11294 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294 oval:org.mitre.oval:def:350 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.