ID de Prueba:	1.3.6.1.4.1.25623.1.0.61225
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:128 (php)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to php announced via advisory MDVSA-2008:128. A number of vulnerabilities have been found and corrected in PHP: php-cgi in PHP prior to 5.2.6 does not properly calculate the length of PATH_TRANSLATED, which has unknown impact and attack vectors (CVE-2008-0599). The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown impact and context-dependent attack vectors related to incomplete multibyte characters (CVE-2008-2051). Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32bit systems and generations a portion of zero bits during conversion due to insufficient precision on 64bit systems (CVE-2008-2107, CVE-2008-2108). The IMAP module in PHP uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) via a long IMAP request (CVE-2008-2829). In addition, the updated packages provide a number of bug fixes. The updated packages have been patched to correct these issues. Affected: 2008.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:128 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-0599 http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html BugTraq ID: 29009 http://www.securityfocus.com/bid/29009 Bugtraq: 20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search) http://www.securityfocus.com/archive/1/492535/100/0/threaded CERT/CC vulnerability note: VU#147027 http://www.kb.cert.org/vuls/id/147027 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html http://security.gentoo.org/glsa/glsa-200811-05.xml HPdes Security Advisory: HPSBUX02342 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01476437 HPdes Security Advisory: HPSBUX02431 http://marc.info/?l=bugtraq&m=124654546101607&w=2 HPdes Security Advisory: HPSBUX02465 http://marc.info/?l=bugtraq&m=125631037611762&w=2 HPdes Security Advisory: SSRT080063 HPdes Security Advisory: SSRT090085 HPdes Security Advisory: SSRT090192 http://www.mandriva.com/security/advisories?name=MDVSA-2008:127 http://www.mandriva.com/security/advisories?name=MDVSA-2008:128 http://www.openwall.com/lists/oss-security/2008/05/02/2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5510 http://www.redhat.com/support/errata/RHSA-2008-0505.html http://www.securitytracker.com/id?1019958 http://secunia.com/advisories/30048 http://secunia.com/advisories/30083 http://secunia.com/advisories/30345 http://secunia.com/advisories/30616 http://secunia.com/advisories/30757 http://secunia.com/advisories/30828 http://secunia.com/advisories/31200 http://secunia.com/advisories/31326 http://secunia.com/advisories/32746 http://secunia.com/advisories/35650 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.488951 http://www.ubuntu.com/usn/usn-628-1 http://www.vupen.com/english/advisories/2008/1412 http://www.vupen.com/english/advisories/2008/1810/references http://www.vupen.com/english/advisories/2008/2268 XForce ISS Database: php-vector-unspecified(42137) https://exchange.xforce.ibmcloud.com/vulnerabilities/42137 Common Vulnerability Exposure (CVE) ID: CVE-2008-2051 Bugtraq: 20080527 rPSA-2008-0178-1 php php-mysql php-pgsql (Google Search) http://www.securityfocus.com/archive/1/492671/100/0/threaded Debian Security Information: DSA-1572 (Google Search) http://www.debian.org/security/2008/dsa-1572 Debian Security Information: DSA-1578 (Google Search) http://www.debian.org/security/2008/dsa-1578 http://www.mandriva.com/security/advisories?name=MDVSA-2008:125 http://www.mandriva.com/security/advisories?name=MDVSA-2008:126 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10256 http://www.redhat.com/support/errata/RHSA-2008-0544.html http://www.redhat.com/support/errata/RHSA-2008-0545.html http://www.redhat.com/support/errata/RHSA-2008-0546.html http://www.redhat.com/support/errata/RHSA-2008-0582.html http://secunia.com/advisories/30158 http://secunia.com/advisories/30288 http://secunia.com/advisories/30411 http://secunia.com/advisories/30967 http://secunia.com/advisories/31119 http://secunia.com/advisories/31124 SuSE Security Announcement: SUSE-SR:2008:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html Common Vulnerability Exposure (CVE) ID: CVE-2008-2107 Bugtraq: 20080506 Advisory SE-2008-02: PHP GENERATE_SEED() Weak Random Number Seed Vulnerability (Google Search) http://www.securityfocus.com/archive/1/491683/100/0/threaded Debian Security Information: DSA-1789 (Google Search) http://www.debian.org/security/2009/dsa-1789 http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:129 http://www.mandriva.com/security/advisories?name=MDVSA-2008:130 http://www.sektioneins.de/advisories/SE-2008-02.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10644 http://secunia.com/advisories/35003 http://securityreason.com/securityalert/3859 XForce ISS Database: php-generateseed-security-bypass(42284) https://exchange.xforce.ibmcloud.com/vulnerabilities/42284 XForce ISS Database: php-generateseed-weak-security(42226) https://exchange.xforce.ibmcloud.com/vulnerabilities/42226 Common Vulnerability Exposure (CVE) ID: CVE-2008-2108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10844 Common Vulnerability Exposure (CVE) ID: CVE-2008-2829 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html BugTraq ID: 29829 http://www.securityfocus.com/bid/29829 Bugtraq: 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search) http://www.securityfocus.com/archive/1/501376/100/0/threaded Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html http://bugs.php.net/bug.php?id=42862 http://www.openwall.com/lists/oss-security/2008/06/19/6 http://www.openwall.com/lists/oss-security/2008/06/24/2 http://osvdb.org/46641 http://secunia.com/advisories/35074 http://secunia.com/advisories/35306 SuSE Security Announcement: SUSE-SR:2008:027 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html http://www.vupen.com/english/advisories/2009/1297 XForce ISS Database: php-phpimap-dos(43357) https://exchange.xforce.ibmcloud.com/vulnerabilities/43357
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.