ID de Prueba:	1.3.6.1.4.1.25623.1.0.56802
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2006:091 (php)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to php announced via advisory MDKSA-2006:091. An integer overflow in the wordwrap() function could allow attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, triggering a heap-based buffer overflow (CVE-2006-1990). The substr_compare() function in PHP 5.x and 4.4.2 could allow attackers to cause a Denial of Service (memory access violation) via an out-of-bounds offset argument (CVE-2006-1991). The second vulnerability only affects Mandriva Linux 2006 earlier versions shipped with older versions of PHP that do not contain the substr_compare() function. Affected: 10.2, 2006.0, Corporate 3.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:091 Risk factor : High CVSS Score: 6.4
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-1990 1015979 http://securitytracker.com/id?1015979 19803 http://secunia.com/advisories/19803 20052 http://secunia.com/advisories/20052 20060701-01-U ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U 20061005 rPSA-2006-0182-1 php php-mysql php-pgsql http://www.securityfocus.com/archive/1/447866/100/0/threaded 20222 http://secunia.com/advisories/20222 20269 http://secunia.com/advisories/20269 20676 http://secunia.com/advisories/20676 21031 http://secunia.com/advisories/21031 21050 http://secunia.com/advisories/21050 21125 http://secunia.com/advisories/21125 21135 http://secunia.com/advisories/21135 21252 http://secunia.com/advisories/21252 21564 http://secunia.com/advisories/21564 21723 http://secunia.com/advisories/21723 22225 http://secunia.com/advisories/22225 23155 http://secunia.com/advisories/23155 ADV-2006-1500 http://www.vupen.com/english/advisories/2006/1500 ADV-2006-4750 http://www.vupen.com/english/advisories/2006/4750 APPLE-SA-2006-11-28 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html GLSA-200605-08 http://security.gentoo.org/glsa/glsa-200605-08.xml MDKSA-2006:091 http://www.mandriva.com/security/advisories?name=MDKSA-2006:091 MDKSA-2006:122 http://www.mandriva.com/security/advisories?name=MDKSA-2006:122 RHSA-2006:0501 http://www.redhat.com/support/errata/RHSA-2006-0501.html RHSA-2006:0549 http://rhn.redhat.com/errata/RHSA-2006-0549.html RHSA-2006:0568 http://www.redhat.com/support/errata/RHSA-2006-0568.html SUSE-SA:2006:031 http://www.novell.com/linux/security/advisories/2006_31_php.html TA06-333A http://www.us-cert.gov/cas/techalerts/TA06-333A.html TLSA-2006-38 http://www.turbolinux.com/security/2006/TLSA-2006-38.txt USN-320-1 http://www.ubuntu.com/usn/usn-320-1 http://docs.info.apple.com/article.html?artnum=304829 http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm http://www.infigo.hr/en/in_focus/advisories/INFIGO-2006-04-02 https://issues.rpath.com/browse/RPL-683 oval:org.mitre.oval:def:9696 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9696 php-wordwrap-string-bo(26001) https://exchange.xforce.ibmcloud.com/vulnerabilities/26001 Common Vulnerability Exposure (CVE) ID: CVE-2006-1991 SuSE Security Announcement: SUSE-SA:2006:031 (Google Search) XForce ISS Database: php-substrcompare-length-dos(26003) https://exchange.xforce.ibmcloud.com/vulnerabilities/26003
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.