Test ID: | 1.3.6.1.4.1.25623.1.0.64960 |
Category: | Mandrake Local Security Checks |
Title: | Mandrake Security Advisory MDVSA-2009:248 (php) |
Summary: | The remote host is missing an update to php announced via advisory MDVSA-2009:248. |
Description: |
Summary: The remote host is missing an update to php announced via advisory MDVSA-2009:248.

Vulnerability Insight: Multiple vulnerabilities were discovered and corrected in php:

The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates (CVE-2009-3291).

Unspecified vulnerability in PHP before 5.2.11 has unknown impact and attack vectors related to missing sanity checks around exif processing (CVE-2009-3292).

Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect sanity check for the color index (CVE-2009-3293). However, in Mandriva we don't use the bundled libgd source in php by default; there is an unsupported package in contrib named php-gd-bundled that eventually will get updated to pick up these fixes.

This update provides a solution to these vulnerabilities.

Affected: 2009.1

Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-3291
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Debian Security Information: DSA-1940
http://www.debian.org/security/2009/dsa-1940
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: HPSBUX02543
http://marc.info/?l=bugtraq&m=127680701405735&w=2
HPdes Security Advisory: SSRT090208
HPdes Security Advisory: SSRT100152
http://www.osvdb.org/58185
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10438
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7394
http://www.securitytracker.com/id?1022914
http://secunia.com/advisories/36791
http://secunia.com/advisories/37482
http://secunia.com/advisories/40262
SuSE Security Announcement: SUSE-SR:2009:017
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
http://www.vupen.com/english/advisories/2009/3184
XForce ISS Database: php-certificate-unspecified(53334)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53334

Common Vulnerability Exposure (CVE) ID: CVE-2009-3292
http://www.mandriva.com/security/advisories?name=MDVSA-2009:302
http://www.openwall.com/lists/oss-security/2009/11/20/2
http://www.openwall.com/lists/oss-security/2009/11/20/3
http://news.php.net/php.announce/79
http://www.osvdb.org/58186
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7652
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9982
http://secunia.com/advisories/37412

Common Vulnerability Exposure (CVE) ID: CVE-2009-3293
http://www.osvdb.org/58187
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7047 |
Copyright | Copyright (C) 2009 E-Soft Inc. |