Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.4.2012.0598.2
Categoría:SuSE Local Security Checks
Título:SUSE: Security Advisory (SUSE-SU-2012:0598-2)
Resumen:The remote host is missing an update for the 'PHP5' package(s) announced via the SUSE-SU-2012:0598-2 advisory.
Descripción:Summary:
The remote host is missing an update for the 'PHP5' package(s) announced via the SUSE-SU-2012:0598-2 advisory.

Vulnerability Insight:
This update fixes several security issues in PHP5:

* CVE-2012-1172: A directory traversal bug has been fixed in PHP5.
* CVE-2012-1823, CVE-2012-2311: A command injection was possible when PHP5 was operated in CGI mode using commandline options. This problem does not affect PHP5 in the normal apache module mode setup.
* Also a pack/unpacking bug on big endian 64bit architectures (ppc64 and s390x) has been fixed. bnc#753778

Security Issue references:

* CVE-2012-1172
>
* CVE-2012-1823
>
* CVE-2012-2311
>

Affected Software/OS:
'PHP5' package(s) on SUSE Linux Enterprise Server 11 SP1, SUSE Linux Enterprise Server 11 SP2, SUSE Linux Enterprise Software Development Kit 11 SP1, SUSE Linux Enterprise Software Development Kit 11 SP2.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-1172
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Debian Security Information: DSA-2465 (Google Search)
http://www.debian.org/security/2012/dsa-2465
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html
HPdes Security Advisory: HPSBUX02791
http://marc.info/?l=bugtraq&m=134012830914727&w=2
HPdes Security Advisory: SSRT100856
http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/
https://bugs.php.net/bug.php?id=48597
https://bugs.php.net/bug.php?id=49683
https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/
https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf
http://openwall.com/lists/oss-security/2012/03/13/4
SuSE Security Announcement: SUSE-SU-2012:0598 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html
SuSE Security Announcement: SUSE-SU-2012:0604 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-1823
CERT/CC vulnerability note: VU#520827
http://www.kb.cert.org/vuls/id/520827
CERT/CC vulnerability note: VU#673343
http://www.kb.cert.org/vuls/id/673343
HPdes Security Advisory: HPSBMU02786
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
HPdes Security Advisory: SSRT100877
http://www.mandriva.com/security/advisories?name=MDVSA-2012:068
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
RedHat Security Advisories: RHSA-2012:0546
http://rhn.redhat.com/errata/RHSA-2012-0546.html
RedHat Security Advisories: RHSA-2012:0547
http://rhn.redhat.com/errata/RHSA-2012-0547.html
RedHat Security Advisories: RHSA-2012:0568
http://rhn.redhat.com/errata/RHSA-2012-0568.html
RedHat Security Advisories: RHSA-2012:0569
http://rhn.redhat.com/errata/RHSA-2012-0569.html
RedHat Security Advisories: RHSA-2012:0570
http://rhn.redhat.com/errata/RHSA-2012-0570.html
http://www.securitytracker.com/id?1027022
http://secunia.com/advisories/49014
http://secunia.com/advisories/49065
http://secunia.com/advisories/49085
http://secunia.com/advisories/49087
SuSE Security Announcement: openSUSE-SU-2012:0590 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-2311
HPdes Security Advisory: HPSBMU02900
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
HPdes Security Advisory: SSRT100992
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.