Web application abuses : PHP < 5.4.42, 5.5.x < 5.5.26, 5.6.x < 5.6.10 Multiple Vulnerabilities (Aug 2016)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.808674

Categoría: Web application abuses

Título: PHP < 5.4.42, 5.5.x < 5.5.26, 5.6.x < 5.6.10 Multiple Vulnerabilities (Aug 2016) - Windows

Resumen: PHP is prone to multiple vulnerabilities.

Descripción: Summary:
PHP is prone to multiple vulnerabilities.

Vulnerability Insight:
The following flaws exist:

- Improper validation of token extraction for table names, in the php_pgsql_meta_data function in
pgsql.c in the PostgreSQL extension.

- Integer overflow in the ftp_genlist function in ext/ftp/ftp.c

- PHP does not ensure that pathnames lack %00 sequences.

- An error in 'escapeshellarg' function in 'ext/standard/exec.c' script.

Vulnerability Impact:
Successfully exploiting these issues allow remote attackers to
cause a denial of service, to read or write to arbitrary files, also execute arbitrary code via a
long reply to a LIST command, leading to a heap-based buffer overflow.

Affected Software/OS:
PHP prior to version 5.4.42, 5.5.x prior to 5.5.26 and 5.6.x
prior to 5.6.10 on Windows.

Solution:
Update to version 5.4.42, 5.5.26, 5.6.10 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-4598
BugTraq ID: 75244
http://www.securityfocus.com/bid/75244
Debian Security Information: DSA-3344 (Google Search)
http://www.debian.org/security/2015/dsa-3344
http://www.openwall.com/lists/oss-security/2015/06/16/12
RedHat Security Advisories: RHSA-2015:1135
http://rhn.redhat.com/errata/RHSA-2015-1135.html
RedHat Security Advisories: RHSA-2015:1186
http://rhn.redhat.com/errata/RHSA-2015-1186.html
RedHat Security Advisories: RHSA-2015:1187
http://rhn.redhat.com/errata/RHSA-2015-1187.html
RedHat Security Advisories: RHSA-2015:1218
http://rhn.redhat.com/errata/RHSA-2015-1218.html
RedHat Security Advisories: RHSA-2015:1219
http://rhn.redhat.com/errata/RHSA-2015-1219.html
http://www.securitytracker.com/id/1032709
Common Vulnerability Exposure (CVE) ID: CVE-2015-4642
BugTraq ID: 75290
http://www.securityfocus.com/bid/75290
https://security.gentoo.org/glsa/201606-10
http://openwall.com/lists/oss-security/2015/06/18/6
Common Vulnerability Exposure (CVE) ID: CVE-2015-4643
BugTraq ID: 75291
http://www.securityfocus.com/bid/75291
Common Vulnerability Exposure (CVE) ID: CVE-2015-4644
BugTraq ID: 75292
http://www.securityfocus.com/bid/75292

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.808674
Categoría:	Web application abuses
Título:	PHP < 5.4.42, 5.5.x < 5.5.26, 5.6.x < 5.6.10 Multiple Vulnerabilities (Aug 2016) - Windows
Resumen:	PHP is prone to multiple vulnerabilities.
Descripción:	Summary: PHP is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - Improper validation of token extraction for table names, in the php_pgsql_meta_data function in pgsql.c in the PostgreSQL extension. - Integer overflow in the ftp_genlist function in ext/ftp/ftp.c - PHP does not ensure that pathnames lack %00 sequences. - An error in 'escapeshellarg' function in 'ext/standard/exec.c' script. Vulnerability Impact: Successfully exploiting these issues allow remote attackers to cause a denial of service, to read or write to arbitrary files, also execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. Affected Software/OS: PHP prior to version 5.4.42, 5.5.x prior to 5.5.26 and 5.6.x prior to 5.6.10 on Windows. Solution: Update to version 5.4.42, 5.5.26, 5.6.10 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-4598 BugTraq ID: 75244 http://www.securityfocus.com/bid/75244 Debian Security Information: DSA-3344 (Google Search) http://www.debian.org/security/2015/dsa-3344 http://www.openwall.com/lists/oss-security/2015/06/16/12 RedHat Security Advisories: RHSA-2015:1135 http://rhn.redhat.com/errata/RHSA-2015-1135.html RedHat Security Advisories: RHSA-2015:1186 http://rhn.redhat.com/errata/RHSA-2015-1186.html RedHat Security Advisories: RHSA-2015:1187 http://rhn.redhat.com/errata/RHSA-2015-1187.html RedHat Security Advisories: RHSA-2015:1218 http://rhn.redhat.com/errata/RHSA-2015-1218.html RedHat Security Advisories: RHSA-2015:1219 http://rhn.redhat.com/errata/RHSA-2015-1219.html http://www.securitytracker.com/id/1032709 Common Vulnerability Exposure (CVE) ID: CVE-2015-4642 BugTraq ID: 75290 http://www.securityfocus.com/bid/75290 https://security.gentoo.org/glsa/201606-10 http://openwall.com/lists/oss-security/2015/06/18/6 Common Vulnerability Exposure (CVE) ID: CVE-2015-4643 BugTraq ID: 75291 http://www.securityfocus.com/bid/75291 Common Vulnerability Exposure (CVE) ID: CVE-2015-4644 BugTraq ID: 75292 http://www.securityfocus.com/bid/75292
Copyright	Copyright (C) 2016 Greenbone AG