Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2005:238 (php)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56044

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2005:238 (php)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to php
announced via advisory MDKSA-2005:238.

A CRLF injection vulnerability in the mb_send_mail function in PHP
before 5.1.0 might allow remote attackers to inject arbitrary
e-mail headers via line feeds (LF) in the To address argument, when
using sendmail as the MTA (mail transfer agent).

The updated packages have been patched to address this issue. Once the
new packages have been installed, you will need to restart your Apache
server using service httpd restart in order for the new packages to
take effect.

Affected: 2006.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:238

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: BugTraq ID: 15571
Common Vulnerability Exposure (CVE) ID: CVE-2005-3883
http://www.securityfocus.com/bid/15571
http://www.mandriva.com/security/advisories?name=MDKSA-2005:238
http://bugs.php.net/bug.php?id=35307
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10332
RedHat Security Advisories: RHSA-2006:0276
http://rhn.redhat.com/errata/RHSA-2006-0276.html
http://securitytracker.com/id?1015296
http://secunia.com/advisories/17763
http://secunia.com/advisories/18054
http://secunia.com/advisories/18198
http://secunia.com/advisories/19832
http://secunia.com/advisories/20210
http://secunia.com/advisories/20951
SGI Security Advisory: 20060501-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
SuSE Security Announcement: SUSE-SA:2005:069 (Google Search)
http://www.securityfocus.com/archive/1/419504/100/0/threaded
TurboLinux Advisory: TLSA-2006-38
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
https://www.ubuntu.com/usn/usn-232-1/
http://www.vupen.com/english/advisories/2006/2685
XForce ISS Database: php-mbsendmail-header-injection(23270)
https://exchange.xforce.ibmcloud.com/vulnerabilities/23270

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56044
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2005:238 (php)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to php announced via advisory MDKSA-2005:238. A CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the To address argument, when using sendmail as the MTA (mail transfer agent). The updated packages have been patched to address this issue. Once the new packages have been installed, you will need to restart your Apache server using service httpd restart in order for the new packages to take effect. Affected: 2006.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:238 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	BugTraq ID: 15571 Common Vulnerability Exposure (CVE) ID: CVE-2005-3883 http://www.securityfocus.com/bid/15571 http://www.mandriva.com/security/advisories?name=MDKSA-2005:238 http://bugs.php.net/bug.php?id=35307 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10332 RedHat Security Advisories: RHSA-2006:0276 http://rhn.redhat.com/errata/RHSA-2006-0276.html http://securitytracker.com/id?1015296 http://secunia.com/advisories/17763 http://secunia.com/advisories/18054 http://secunia.com/advisories/18198 http://secunia.com/advisories/19832 http://secunia.com/advisories/20210 http://secunia.com/advisories/20951 SGI Security Advisory: 20060501-01-U ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc SuSE Security Announcement: SUSE-SA:2005:069 (Google Search) http://www.securityfocus.com/archive/1/419504/100/0/threaded TurboLinux Advisory: TLSA-2006-38 http://www.turbolinux.com/security/2006/TLSA-2006-38.txt https://www.ubuntu.com/usn/usn-232-1/ http://www.vupen.com/english/advisories/2006/2685 XForce ISS Database: php-mbsendmail-header-injection(23270) https://exchange.xforce.ibmcloud.com/vulnerabilities/23270
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com