ID de Prueba:	1.3.6.1.4.1.25623.1.0.58284
Categoría:	Turbolinux Local Security Tests
Título:	Turbolinux TLSA-2007-29 (php)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to php announced via advisory TLSA-2007-29. PHP is an HTML-embedded scripting language. Multiple vulnerabilities (Integer overflows, Double free, CRLF injection) exist in php. These vulnerabilities may allow remote attackers to execute arbitrary code or to cause a denial of service via a crafted data. Solution: Please use the turbopkg (zabom) tool to apply the update. https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2007-29 Risk factor : High CVSS Score: 7.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1001 20070407 PHP <= 5.2.1 wbmp file handling integer overflow http://www.securityfocus.com/archive/1/464957/100/0/threaded 20070418 rPSA-2007-0073-1 php php-mysql php-pgsql http://www.securityfocus.com/archive/1/466166/100/0/threaded 23357 http://www.securityfocus.com/bid/23357 24814 http://secunia.com/advisories/24814 24909 http://secunia.com/advisories/24909 24924 http://secunia.com/advisories/24924 24945 http://secunia.com/advisories/24945 24965 http://secunia.com/advisories/24965 25056 http://secunia.com/advisories/25056 25151 http://secunia.com/advisories/25151 25159 http://www.securityfocus.com/bid/25159 25445 http://secunia.com/advisories/25445 26235 http://secunia.com/advisories/26235 ADV-2007-1269 http://www.vupen.com/english/advisories/2007/1269 ADV-2007-2732 http://www.vupen.com/english/advisories/2007/2732 APPLE-SA-2007-07-31 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html GLSA-200705-19 http://security.gentoo.org/glsa/glsa-200705-19.xml MDKSA-2007:087 http://www.mandriva.com/security/advisories?name=MDKSA-2007:087 MDKSA-2007:088 http://www.mandriva.com/security/advisories?name=MDKSA-2007:088 MDKSA-2007:089 http://www.mandriva.com/security/advisories?name=MDKSA-2007:089 MDKSA-2007:090 http://www.mandriva.com/security/advisories?name=MDKSA-2007:090 RHSA-2007:0153 http://www.redhat.com/support/errata/RHSA-2007-0153.html RHSA-2007:0155 http://rhn.redhat.com/errata/RHSA-2007-0155.html RHSA-2007:0162 http://www.redhat.com/support/errata/RHSA-2007-0162.html SSA:2007-127 http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.470053 SUSE-SA:2007:032 http://www.novell.com/linux/security/advisories/2007_32_php.html http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?r1=1.2.4.1&r2=1.2.4.1.8.1 http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?revision=1.2.4.1.8.1&view=markup http://docs.info.apple.com/article.html?artnum=306172 http://ifsec.blogspot.com/2007/04/php-521-wbmp-file-handling-integer.html http://us2.php.net/releases/4_4_7.php http://us2.php.net/releases/5_2_2.php https://issues.rpath.com/browse/RPL-1268 oval:org.mitre.oval:def:10179 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10179 php-gd-overflow(33453) https://exchange.xforce.ibmcloud.com/vulnerabilities/33453 Common Vulnerability Exposure (CVE) ID: CVE-2007-1285 BugTraq ID: 22764 http://www.securityfocus.com/bid/22764 Bugtraq: 20070418 rPSA-2007-0073-1 php php-mysql php-pgsql (Google Search) http://www.php-security.org/MOPB/MOPB-03-2007.html http://www.osvdb.org/32769 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11017 http://www.redhat.com/support/errata/RHSA-2007-0082.html RedHat Security Advisories: RHSA-2007:0154 http://rhn.redhat.com/errata/RHSA-2007-0154.html RedHat Security Advisories: RHSA-2007:0155 RedHat Security Advisories: RHSA-2007:0163 http://rhn.redhat.com/errata/RHSA-2007-0163.html http://www.securitytracker.com/id?1017771 http://secunia.com/advisories/24910 http://secunia.com/advisories/24941 http://secunia.com/advisories/26048 http://secunia.com/advisories/26642 http://secunia.com/advisories/27864 http://secunia.com/advisories/28936 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136 SuSE Security Announcement: SUSE-SA:2007:044 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html https://usn.ubuntu.com/549-1/ http://www.ubuntu.com/usn/usn-549-2 Common Vulnerability Exposure (CVE) ID: CVE-2007-1286 BugTraq ID: 22765 http://www.securityfocus.com/bid/22765 Debian Security Information: DSA-1282 (Google Search) http://www.debian.org/security/2007/dsa-1282 Debian Security Information: DSA-1283 (Google Search) http://www.debian.org/security/2007/dsa-1283 http://security.gentoo.org/glsa/glsa-200703-21.xml HPdes Security Advisory: HPSBMA02215 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506 HPdes Security Advisory: HPSBTU02232 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137 HPdes Security Advisory: SSRT071423 HPdes Security Advisory: SSRT071429 http://www.php-security.org/MOPB/MOPB-04-2007.html http://www.osvdb.org/32771 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11575 http://secunia.com/advisories/24419 http://secunia.com/advisories/24606 http://secunia.com/advisories/25025 http://secunia.com/advisories/25062 http://secunia.com/advisories/25423 http://secunia.com/advisories/25850 http://www.trustix.org/errata/2007/0009/ http://www.vupen.com/english/advisories/2007/1991 http://www.vupen.com/english/advisories/2007/2374 XForce ISS Database: php-zval-code-execution(32796) https://exchange.xforce.ibmcloud.com/vulnerabilities/32796 Common Vulnerability Exposure (CVE) ID: CVE-2007-1583 BugTraq ID: 23016 http://www.securityfocus.com/bid/23016 BugTraq ID: 25159 http://www.php-security.org/MOPB/MOPB-26-2007.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10245 http://secunia.com/advisories/25057 SuSE Security Announcement: SUSE-SA:2007:032 (Google Search) http://www.ubuntu.com/usn/usn-455-1 Common Vulnerability Exposure (CVE) ID: CVE-2007-1711 BugTraq ID: 23121 http://www.securityfocus.com/bid/23121 http://www.php-security.org/MOPB/MOPB-32-2007.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10406 XForce ISS Database: php-deserializer-code-execution(33575) https://exchange.xforce.ibmcloud.com/vulnerabilities/33575 Common Vulnerability Exposure (CVE) ID: CVE-2007-1718 BugTraq ID: 23145 http://www.securityfocus.com/bid/23145 http://www.php-security.org/MOPB/MOPB-34-2007.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10951 http://www.securitytracker.com/id?1017946 XForce ISS Database: php-mailfunction-header-injection(33516) https://exchange.xforce.ibmcloud.com/vulnerabilities/33516
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.