ID de Prueba:	1.3.6.1.4.1.25623.1.0.61227
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:129 (php4)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to php4 announced via advisory MDVSA-2008:129. Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32bit systems and generations a portion of zero bits during conversion due to insufficient precision on 64bit systems (CVE-2008-2107, CVE-2008-2108). The updated packages have been patched to correct these issues. Affected: Corporate 3.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:129 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2107 Bugtraq: 20080506 Advisory SE-2008-02: PHP GENERATE_SEED() Weak Random Number Seed Vulnerability (Google Search) http://www.securityfocus.com/archive/1/491683/100/0/threaded Debian Security Information: DSA-1789 (Google Search) http://www.debian.org/security/2009/dsa-1789 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html http://security.gentoo.org/glsa/glsa-200811-05.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:125 http://www.mandriva.com/security/advisories?name=MDVSA-2008:126 http://www.mandriva.com/security/advisories?name=MDVSA-2008:127 http://www.mandriva.com/security/advisories?name=MDVSA-2008:128 http://www.mandriva.com/security/advisories?name=MDVSA-2008:129 http://www.mandriva.com/security/advisories?name=MDVSA-2008:130 http://www.sektioneins.de/advisories/SE-2008-02.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10644 http://www.redhat.com/support/errata/RHSA-2008-0505.html http://www.redhat.com/support/errata/RHSA-2008-0544.html http://www.redhat.com/support/errata/RHSA-2008-0545.html http://www.redhat.com/support/errata/RHSA-2008-0546.html http://www.redhat.com/support/errata/RHSA-2008-0582.html http://secunia.com/advisories/30757 http://secunia.com/advisories/30828 http://secunia.com/advisories/30967 http://secunia.com/advisories/31119 http://secunia.com/advisories/31124 http://secunia.com/advisories/31200 http://secunia.com/advisories/32746 http://secunia.com/advisories/35003 http://securityreason.com/securityalert/3859 SuSE Security Announcement: SUSE-SR:2008:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://www.ubuntu.com/usn/usn-628-1 XForce ISS Database: php-generateseed-security-bypass(42284) https://exchange.xforce.ibmcloud.com/vulnerabilities/42284 XForce ISS Database: php-generateseed-weak-security(42226) https://exchange.xforce.ibmcloud.com/vulnerabilities/42226 Common Vulnerability Exposure (CVE) ID: CVE-2008-2108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10844
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.