Test ID: | 1.3.6.1.4.1.25623.1.0.66088 |
Category: | Mandrake Local Security Checks |
Title: | Mandrake Security Advisory MDVSA-2009:285 (php) |
Summary: | The remote host is missing an update to php announced via advisory MDVSA-2009:285. |
Description: |
Summary: The remote host is missing an update to php announced via advisory MDVSA-2009:285.

Vulnerability Insight: Multiple vulnerabilities have been found and corrected in php:

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information (CVE-2009-3546).

Added two upstream patches to address a bypass vulnerability in open_basedir and safe_mode.

Additionally on CS4 a regression was found and fixed when using the gd-bundled.so variant from the php-gd package.

This update fixes these vulnerabilities.

Affected: 2009.0, 2009.1, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0, Multi Network Firewall 2.0

Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-3293
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
HPdes Security Advisory: HPSBOV02683 http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: HPSBUX02543 http://marc.info/?l=bugtraq&m=127680701405735&w=2
HPdes Security Advisory: SSRT090208
HPdes Security Advisory: SSRT100152
http://www.osvdb.org/58187
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7047
http://www.securitytracker.com/id?1022914
http://secunia.com/advisories/36791
http://secunia.com/advisories/40262
SuSE Security Announcement: SUSE-SR:2009:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
http://www.vupen.com/english/advisories/2009/3184

Common Vulnerability Exposure (CVE) ID: CVE-2009-3546
36712 http://www.securityfocus.com/bid/36712
37069 http://secunia.com/advisories/37069
37080 http://secunia.com/advisories/37080
38055 http://secunia.com/advisories/38055
ADV-2009-2929 http://www.vupen.com/english/advisories/2009/2929
ADV-2009-2930 http://www.vupen.com/english/advisories/2009/2930
MDVSA-2009:285 http://www.mandriva.com/security/advisories?name=MDVSA-2009:285
RHSA-2010:0003 http://www.redhat.com/support/errata/RHSA-2010-0003.html
[oss-security] 20091015 Re: CVE Request -- PHP 5 - 5.2.11 http://marc.info/?l=oss-security&m=125562113503923&w=2
[oss-security] 20091120 Re: CVE request: php 5.3.1 update http://www.openwall.com/lists/oss-security/2009/11/20/5
http://svn.php.net/viewvc?view=revision&revision=289557
oval:org.mitre.oval:def:11199 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11199 |
Copyright | Copyright (C) 2009 E-Soft Inc. |