Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:045 (php)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66930

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2010:045 (php)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to php
announced via advisory MDVSA-2010:045.

A vulnerability has been found and corrected in php:

PHP before 5.2.12 does not properly handle session data,
which has unspecified impact and attack vectors related to (1)
interrupt corruption of the SESSION superglobal array and (2) the
session.save_path directive (CVE-2009-4143).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct this issue.

Affected: 2008.0, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:045

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-4143
37390
http://www.securityfocus.com/bid/37390
37821
http://secunia.com/advisories/37821
38648
http://secunia.com/advisories/38648
40262
http://secunia.com/advisories/40262
41480
http://secunia.com/advisories/41480
41490
http://secunia.com/advisories/41490
ADV-2009-3593
http://www.vupen.com/english/advisories/2009/3593
APPLE-SA-2010-03-29-1
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
DSA-2001
http://www.debian.org/security/2010/dsa-2001
HPSBMA02568
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
HPSBUX02543
http://marc.info/?l=bugtraq&m=127680701405735&w=2
MDVSA-2010:045
http://www.mandriva.com/security/advisories?name=MDVSA-2010:045
SSRT100152
SSRT100219
http://support.apple.com/kb/HT4077
http://www.php.net/ChangeLog-5.php
http://www.php.net/releases/5_2_12.php
oval:org.mitre.oval:def:7439
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66930
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:045 (php)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to php announced via advisory MDVSA-2010:045. A vulnerability has been found and corrected in php: PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive (CVE-2009-4143). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. Affected: 2008.0, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:045 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4143 37390 http://www.securityfocus.com/bid/37390 37821 http://secunia.com/advisories/37821 38648 http://secunia.com/advisories/38648 40262 http://secunia.com/advisories/40262 41480 http://secunia.com/advisories/41480 41490 http://secunia.com/advisories/41490 ADV-2009-3593 http://www.vupen.com/english/advisories/2009/3593 APPLE-SA-2010-03-29-1 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html DSA-2001 http://www.debian.org/security/2010/dsa-2001 HPSBMA02568 http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 HPSBUX02543 http://marc.info/?l=bugtraq&m=127680701405735&w=2 MDVSA-2010:045 http://www.mandriva.com/security/advisories?name=MDVSA-2010:045 SSRT100152 SSRT100219 http://support.apple.com/kb/HT4077 http://www.php.net/ChangeLog-5.php http://www.php.net/releases/5_2_12.php oval:org.mitre.oval:def:7439 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com