Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2008:126 (php)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.61223
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:126 (php)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to php announced via advisory MDVSA-2008:126. A number of vulnerabilities have been found and corrected in PHP: PHP 5.2.1 would allow context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with 'S:', which did not properly track the number of input bytes being processed (CVE-2007-1649). A vulnerability in the chunk_split() function in PHP prior to 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation (CVE-2007-4660). The htmlentities() and htmlspecialchars() functions in PHP prior to 5.2.5 accepted partial multibyte sequences, which has unknown impact and attack vectors (CVE-2007-5898). The output_add_rewrite_var() function in PHP prior to 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which could allow a remote attacker to obtain potentially sensitive information by reading the requests for this URL (CVE-2007-5899). The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown impact and context-dependent attack vectors related to incomplete multibyte characters (CVE-2008-2051). Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32bit systems and generations a portion of zero bits during conversion due to insufficient precision on 64bit systems (CVE-2008-2107, CVE-2008-2108). The IMAP module in PHP uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) via a long IMAP request (CVE-2008-2829). The updated packages have been patched to correct these issues. Affected: 2007.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:126 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1649 BugTraq ID: 23105 http://www.securityfocus.com/bid/23105 http://www.mandriva.com/security/advisories?name=MDVSA-2008:126 http://www.php-security.org/MOPB/MOPB-29-2007.html http://secunia.com/advisories/24630 XForce ISS Database: php-unserialize-information-disclosure(33170) https://exchange.xforce.ibmcloud.com/vulnerabilities/33170 Common Vulnerability Exposure (CVE) ID: CVE-2007-4660 Debian Security Information: DSA-1444 (Google Search) http://www.debian.org/security/2008/dsa-1444 http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:125 http://secunia.com/advisories/26642 http://secunia.com/advisories/27102 http://secunia.com/advisories/27864 http://secunia.com/advisories/28249 https://usn.ubuntu.com/549-1/ http://www.ubuntu.com/usn/usn-549-2 http://www.vupen.com/english/advisories/2007/3023 Common Vulnerability Exposure (CVE) ID: CVE-2007-5898 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html HPdes Security Advisory: HPSBUX02332 http://www.securityfocus.com/archive/1/491693/100/0/threaded HPdes Security Advisory: SSRT080056 http://www.mandriva.com/security/advisories?name=MDVSA-2008:127 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10080 http://www.redhat.com/support/errata/RHSA-2008-0505.html http://www.redhat.com/support/errata/RHSA-2008-0544.html http://www.redhat.com/support/errata/RHSA-2008-0545.html http://www.redhat.com/support/errata/RHSA-2008-0546.html http://www.redhat.com/support/errata/RHSA-2008-0582.html http://securitytracker.com/id?1018934 http://secunia.com/advisories/27648 http://secunia.com/advisories/27659 http://secunia.com/advisories/28658 http://secunia.com/advisories/30040 http://secunia.com/advisories/30828 http://secunia.com/advisories/31119 http://secunia.com/advisories/31124 http://secunia.com/advisories/31200 SuSE Security Announcement: SUSE-SA:2008:004 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://www.ubuntu.com/usn/usn-628-1 Common Vulnerability Exposure (CVE) ID: CVE-2007-5899 http://osvdb.org/38918 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11211 Common Vulnerability Exposure (CVE) ID: CVE-2008-2051 http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html BugTraq ID: 29009 http://www.securityfocus.com/bid/29009 Bugtraq: 20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search) http://www.securityfocus.com/archive/1/492535/100/0/threaded Bugtraq: 20080527 rPSA-2008-0178-1 php php-mysql php-pgsql (Google Search) http://www.securityfocus.com/archive/1/492671/100/0/threaded Debian Security Information: DSA-1572 (Google Search) http://www.debian.org/security/2008/dsa-1572 Debian Security Information: DSA-1578 (Google Search) http://www.debian.org/security/2008/dsa-1578 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html http://security.gentoo.org/glsa/glsa-200811-05.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:128 http://www.openwall.com/lists/oss-security/2008/05/02/2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10256 http://secunia.com/advisories/30048 http://secunia.com/advisories/30083 http://secunia.com/advisories/30158 http://secunia.com/advisories/30288 http://secunia.com/advisories/30345 http://secunia.com/advisories/30411 http://secunia.com/advisories/30757 http://secunia.com/advisories/30967 http://secunia.com/advisories/31326 http://secunia.com/advisories/32746 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.488951 SuSE Security Announcement: SUSE-SR:2008:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://www.vupen.com/english/advisories/2008/1412 http://www.vupen.com/english/advisories/2008/2268 Common Vulnerability Exposure (CVE) ID: CVE-2008-2107 Bugtraq: 20080506 Advisory SE-2008-02: PHP GENERATE_SEED() Weak Random Number Seed Vulnerability (Google Search) http://www.securityfocus.com/archive/1/491683/100/0/threaded Debian Security Information: DSA-1789 (Google Search) http://www.debian.org/security/2009/dsa-1789 http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:129 http://www.mandriva.com/security/advisories?name=MDVSA-2008:130 http://www.sektioneins.de/advisories/SE-2008-02.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10644 http://secunia.com/advisories/35003 http://securityreason.com/securityalert/3859 XForce ISS Database: php-generateseed-security-bypass(42284) https://exchange.xforce.ibmcloud.com/vulnerabilities/42284 XForce ISS Database: php-generateseed-weak-security(42226) https://exchange.xforce.ibmcloud.com/vulnerabilities/42226 Common Vulnerability Exposure (CVE) ID: CVE-2008-2108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10844 Common Vulnerability Exposure (CVE) ID: CVE-2008-2829 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html BugTraq ID: 29829 http://www.securityfocus.com/bid/29829 Bugtraq: 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search) http://www.securityfocus.com/archive/1/501376/100/0/threaded Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html HPdes Security Advisory: HPSBUX02431 http://marc.info/?l=bugtraq&m=124654546101607&w=2 HPdes Security Advisory: HPSBUX02465 http://marc.info/?l=bugtraq&m=125631037611762&w=2 HPdes Security Advisory: SSRT090085 HPdes Security Advisory: SSRT090192 http://bugs.php.net/bug.php?id=42862 http://www.openwall.com/lists/oss-security/2008/06/19/6 http://www.openwall.com/lists/oss-security/2008/06/24/2 http://osvdb.org/46641 http://secunia.com/advisories/35074 http://secunia.com/advisories/35306 http://secunia.com/advisories/35650 SuSE Security Announcement: SUSE-SR:2008:027 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html http://www.vupen.com/english/advisories/2009/1297 XForce ISS Database: php-phpimap-dos(43357) https://exchange.xforce.ibmcloud.com/vulnerabilities/43357
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com