Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:024 (php4)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.63251

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2009:024 (php4)

Resumen: The remote host is missing an update to php4;announced via advisory MDVSA-2009:024.

Descripción: Summary:
The remote host is missing an update to php4
announced via advisory MDVSA-2009:024.

Vulnerability Insight:
A buffer overflow in the imageloadfont() function in PHP allowed
context-dependent attackers to cause a denial of service (crash)
and potentially execute arbitrary code via a crafted font file
(CVE-2008-3658).

A buffer overflow in the memnstr() function allowed context-dependent
attackers to cause a denial of service (crash) and potentially execute
arbitrary code via the delimiter argument to the explode() function
(CVE-2008-3659).

PHP, when used as a FastCGI module, allowed remote attackers to cause
a denial of service (crash) via a request with multiple dots preceding
the extension (CVE-2008-3660).

The updated packages have been patched to correct these issues.

Affected: Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-3658
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
BugTraq ID: 30649
http://www.securityfocus.com/bid/30649
Bugtraq: 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search)
http://www.securityfocus.com/archive/1/501376/100/0/threaded
Cert/CC Advisory: TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Debian Security Information: DSA-1647 (Google Search)
http://www.debian.org/security/2008/dsa-1647
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
http://security.gentoo.org/glsa/glsa-200811-05.xml
HPdes Security Advisory: HPSBTU02382
http://www.securityfocus.com/archive/1/498647/100/0/threaded
HPdes Security Advisory: HPSBUX02401
http://marc.info/?l=bugtraq&m=123376588623823&w=2
HPdes Security Advisory: HPSBUX02465
http://marc.info/?l=bugtraq&m=125631037611762&w=2
HPdes Security Advisory: SSRT080132
HPdes Security Advisory: SSRT090005
HPdes Security Advisory: SSRT090192
http://www.mandriva.com/security/advisories?name=MDVSA-2009:021
http://www.mandriva.com/security/advisories?name=MDVSA-2009:022
http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
http://www.mandriva.com/security/advisories?name=MDVSA-2009:024
http://news.php.net/php.cvs/51219
http://www.openwall.com/lists/oss-security/2008/08/08/2
http://www.openwall.com/lists/oss-security/2008/08/13/8
http://osvdb.org/47484
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9724
http://www.redhat.com/support/errata/RHSA-2009-0350.html
http://secunia.com/advisories/31982
http://secunia.com/advisories/32148
http://secunia.com/advisories/32316
http://secunia.com/advisories/32746
http://secunia.com/advisories/32884
http://secunia.com/advisories/33797
http://secunia.com/advisories/35074
http://secunia.com/advisories/35306
SuSE Security Announcement: SUSE-SR:2008:018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
SuSE Security Announcement: SUSE-SR:2008:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
http://www.vupen.com/english/advisories/2008/2336
http://www.vupen.com/english/advisories/2008/3275
http://www.vupen.com/english/advisories/2009/0320
http://www.vupen.com/english/advisories/2009/1297
XForce ISS Database: php-imageloadfont-dos(44401)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44401
Common Vulnerability Exposure (CVE) ID: CVE-2008-3659
HPdes Security Advisory: HPSBUX02431
http://marc.info/?l=bugtraq&m=124654546101607&w=2
HPdes Security Advisory: SSRT090085
http://www.openwall.com/lists/oss-security/2008/08/08/3
http://www.openwall.com/lists/oss-security/2008/08/08/4
http://osvdb.org/47483
http://www.securitytracker.com/id?1020995
http://secunia.com/advisories/35650
XForce ISS Database: php-memnstr-bo(44405)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44405
Common Vulnerability Exposure (CVE) ID: CVE-2008-3660
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9597
http://www.securitytracker.com/id?1020994
XForce ISS Database: php-curl-unspecified(44402)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44402

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.63251
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:024 (php4)
Resumen:	The remote host is missing an update to php4;announced via advisory MDVSA-2009:024.
Descripción:	Summary: The remote host is missing an update to php4 announced via advisory MDVSA-2009:024. Vulnerability Insight: A buffer overflow in the imageloadfont() function in PHP allowed context-dependent attackers to cause a denial of service (crash) and potentially execute arbitrary code via a crafted font file (CVE-2008-3658). A buffer overflow in the memnstr() function allowed context-dependent attackers to cause a denial of service (crash) and potentially execute arbitrary code via the delimiter argument to the explode() function (CVE-2008-3659). PHP, when used as a FastCGI module, allowed remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension (CVE-2008-3660). The updated packages have been patched to correct these issues. Affected: Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3658 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html BugTraq ID: 30649 http://www.securityfocus.com/bid/30649 Bugtraq: 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search) http://www.securityfocus.com/archive/1/501376/100/0/threaded Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html Debian Security Information: DSA-1647 (Google Search) http://www.debian.org/security/2008/dsa-1647 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html http://security.gentoo.org/glsa/glsa-200811-05.xml HPdes Security Advisory: HPSBTU02382 http://www.securityfocus.com/archive/1/498647/100/0/threaded HPdes Security Advisory: HPSBUX02401 http://marc.info/?l=bugtraq&m=123376588623823&w=2 HPdes Security Advisory: HPSBUX02465 http://marc.info/?l=bugtraq&m=125631037611762&w=2 HPdes Security Advisory: SSRT080132 HPdes Security Advisory: SSRT090005 HPdes Security Advisory: SSRT090192 http://www.mandriva.com/security/advisories?name=MDVSA-2009:021 http://www.mandriva.com/security/advisories?name=MDVSA-2009:022 http://www.mandriva.com/security/advisories?name=MDVSA-2009:023 http://www.mandriva.com/security/advisories?name=MDVSA-2009:024 http://news.php.net/php.cvs/51219 http://www.openwall.com/lists/oss-security/2008/08/08/2 http://www.openwall.com/lists/oss-security/2008/08/13/8 http://osvdb.org/47484 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9724 http://www.redhat.com/support/errata/RHSA-2009-0350.html http://secunia.com/advisories/31982 http://secunia.com/advisories/32148 http://secunia.com/advisories/32316 http://secunia.com/advisories/32746 http://secunia.com/advisories/32884 http://secunia.com/advisories/33797 http://secunia.com/advisories/35074 http://secunia.com/advisories/35306 SuSE Security Announcement: SUSE-SR:2008:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html SuSE Security Announcement: SUSE-SR:2008:021 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html http://www.vupen.com/english/advisories/2008/2336 http://www.vupen.com/english/advisories/2008/3275 http://www.vupen.com/english/advisories/2009/0320 http://www.vupen.com/english/advisories/2009/1297 XForce ISS Database: php-imageloadfont-dos(44401) https://exchange.xforce.ibmcloud.com/vulnerabilities/44401 Common Vulnerability Exposure (CVE) ID: CVE-2008-3659 HPdes Security Advisory: HPSBUX02431 http://marc.info/?l=bugtraq&m=124654546101607&w=2 HPdes Security Advisory: SSRT090085 http://www.openwall.com/lists/oss-security/2008/08/08/3 http://www.openwall.com/lists/oss-security/2008/08/08/4 http://osvdb.org/47483 http://www.securitytracker.com/id?1020995 http://secunia.com/advisories/35650 XForce ISS Database: php-memnstr-bo(44405) https://exchange.xforce.ibmcloud.com/vulnerabilities/44405 Common Vulnerability Exposure (CVE) ID: CVE-2008-3660 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9597 http://www.securitytracker.com/id?1020994 XForce ISS Database: php-curl-unspecified(44402) https://exchange.xforce.ibmcloud.com/vulnerabilities/44402
Copyright	Copyright (C) 2009 E-Soft Inc.