ID de Prueba:	1.3.6.1.4.1.25623.1.0.805660
Categoría:	Web application abuses
Título:	PHP Multiple Vulnerabilities - 02 (Jun 2015) - Linux
Resumen:	PHP is prone to multiple vulnerabilities.
Descripción:	Summary: PHP is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - Algorithmic complexity vulnerability in the 'multipart_buffer_headers' function in main/rfc1867.c script in PHP. - 'pcntl_exec' implementation in PHP truncates a pathname upon encountering a \x00 character. - Integer overflow in the 'ftp_genlist' function in ext/ftp/ftp.c script in PHP. - The 'phar_parse_tarfile' function in ext/phar/tar.c script in PHP does not verify that the first character of a filename is different from the \0 character. Vulnerability Impact: Successfully exploiting this issue allow remote attackers to cause a denial of service, bypass intended extension restrictions and access and execute files or directories with unexpected names via crafted dimensions and remote FTP servers to execute arbitrary code. Affected Software/OS: PHP versions before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 Solution: Update to PHP 5.4.41 or 5.5.25 or 5.6.9 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-4026 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html BugTraq ID: 75056 http://www.securityfocus.com/bid/75056 Debian Security Information: DSA-3280 (Google Search) http://www.debian.org/security/2015/dsa-3280 http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html https://security.gentoo.org/glsa/201606-10 RedHat Security Advisories: RHSA-2015:1135 http://rhn.redhat.com/errata/RHSA-2015-1135.html RedHat Security Advisories: RHSA-2015:1186 http://rhn.redhat.com/errata/RHSA-2015-1186.html RedHat Security Advisories: RHSA-2015:1187 http://rhn.redhat.com/errata/RHSA-2015-1187.html RedHat Security Advisories: RHSA-2015:1218 http://rhn.redhat.com/errata/RHSA-2015-1218.html RedHat Security Advisories: RHSA-2015:1219 http://rhn.redhat.com/errata/RHSA-2015-1219.html http://www.securitytracker.com/id/1032431 SuSE Security Announcement: openSUSE-SU-2015:0993 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2015-4025 BugTraq ID: 74904 http://www.securityfocus.com/bid/74904 Common Vulnerability Exposure (CVE) ID: CVE-2015-4024 BugTraq ID: 74903 http://www.securityfocus.com/bid/74903 http://www.securitytracker.com/id/1032432 Common Vulnerability Exposure (CVE) ID: CVE-2015-4022 BugTraq ID: 74902 http://www.securityfocus.com/bid/74902 http://www.securitytracker.com/id/1032433 Common Vulnerability Exposure (CVE) ID: CVE-2015-4021 BugTraq ID: 74700 http://www.securityfocus.com/bid/74700
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.