ID de Prueba:	1.3.6.1.4.1.25623.1.0.902317
Categoría:	Web application abuses
Título:	PHP 5.3.x < 5.3.4 Multiple Vulnerabilities
Resumen:	PHP is prone to multiple vulnerabilities.
Descripción:	Summary: PHP is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2010-2950: An error in 'stream.c' in the phar extension, which allows attackers to obtain sensitive information. - CVE-2010-3436: An error in 'open_wrappers.c', allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename. - CVE-2010-4156: An error in 'mb_strcut()' function in 'Libmbfl', allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter). Vulnerability Impact: Successful exploitation could allow attackers to obtain sensitive information and possibly execute arbitrary code via a crafted phar:// URI. Affected Software/OS: PHP version 5.3.x through 5.3.3. Solution: Update to version 5.3.4 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2950 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html HPdes Security Advisory: HPSBMA02662 http://marc.info/?l=bugtraq&m=130331363227777&w=2 HPdes Security Advisory: SSRT100409 http://www.mandriva.com/security/advisories?name=MDVSA-2010:254 http://php-security.org/2010/05/14/mops-2010-024-php-phar_stream_flush-format-string-vulnerability/index.html SuSE Security Announcement: SUSE-SR:2010:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html Common Vulnerability Exposure (CVE) ID: CVE-2010-3436 42729 http://secunia.com/advisories/42729 42812 http://secunia.com/advisories/42812 44723 http://www.securityfocus.com/bid/44723 ADV-2010-3313 http://www.vupen.com/english/advisories/2010/3313 ADV-2011-0077 http://www.vupen.com/english/advisories/2011/0077 APPLE-SA-2011-03-21-1 APPLE-SA-2011-10-12-3 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html MDVSA-2010:218 http://www.mandriva.com/security/advisories?name=MDVSA-2010:218 SSA:2010-357-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619 USN-1042-1 http://www.ubuntu.com/usn/USN-1042-1 http://security-tracker.debian.org/tracker/CVE-2010-3436 http://support.apple.com/kb/HT4581 http://support.apple.com/kb/HT5002 http://svn.php.net/viewvc/php/php-src/trunk/main/fopen_wrappers.c?r1=303824&r2=303823&pathrev=303824 http://svn.php.net/viewvc?view=revision&revision=303824 http://www.php.net/ChangeLog-5.php http://www.php.net/archive/2010.php#id2010-12-10-1 http://www.php.net/releases/5_2_15.php http://www.php.net/releases/5_3_4.php Common Vulnerability Exposure (CVE) ID: CVE-2010-4156 42135 http://secunia.com/advisories/42135 43189 http://secunia.com/advisories/43189 44727 http://www.securityfocus.com/bid/44727 ADV-2011-0020 http://www.vupen.com/english/advisories/2011/0020 ADV-2011-0021 http://www.vupen.com/english/advisories/2011/0021 FEDORA-2010-18976 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html FEDORA-2010-19011 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html HPSBMA02662 MDVSA-2010:225 http://www.mandriva.com/security/advisories?name=MDVSA-2010:225 RHSA-2011:0196 http://www.redhat.com/support/errata/RHSA-2011-0196.html SSRT100409 [oss-security] 20101107 CVE Request: PHP 5.3.3, libmbfl, mb_strcut http://www.openwall.com/lists/oss-security/2010/11/07/2 [oss-security] 20101108 Re: CVE Request: PHP 5.3.3, libmbfl, mb_strcut http://www.openwall.com/lists/oss-security/2010/11/08/13 http://pastie.org/1279428 http://pastie.org/1279682
Copyright	Copyright (C) 2010 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.