Test Kennung:	1.3.6.1.4.1.25623.1.0.56736
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDKSA-2006:074 (php)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to php announced via advisory MDKSA-2006:074. A cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP <= 5.1.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed. (CVE-2006-0996) Directory traversal vulnerability in file.c in PHP <= 5.1.2 allows local users to bypass open_basedir restrictions and allows remote attackers to create files in arbitrary directories via the tempnam function. (CVE-2006-1494) The copy function in file.c in PHP <= 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI. (CVE-2006-1608) Updated packages have been patched to address these issues. After upgrading these packages, please run service httpd restart. Affected: 10.2, 2006.0, Corporate 3.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2006:074 Risk factor : Medium CVSS Score: 4.3
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2006-0996 BugTraq ID: 17362 http://www.securityfocus.com/bid/17362 http://security.gentoo.org/glsa/glsa-200605-08.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:074 http://marc.info/?l=php-cvs&m=114374620416389&w=2 http://www.osvdb.org/24484 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10997 RedHat Security Advisories: RHSA-2006:0276 http://rhn.redhat.com/errata/RHSA-2006-0276.html http://www.redhat.com/support/errata/RHSA-2006-0501.html RedHat Security Advisories: RHSA-2006:0549 http://rhn.redhat.com/errata/RHSA-2006-0549.html http://securitytracker.com/id?1015879 http://secunia.com/advisories/19599 http://secunia.com/advisories/19775 http://secunia.com/advisories/19832 http://secunia.com/advisories/19979 http://secunia.com/advisories/20052 http://secunia.com/advisories/20210 http://secunia.com/advisories/20222 http://secunia.com/advisories/20951 http://secunia.com/advisories/21125 http://secunia.com/advisories/21252 http://secunia.com/advisories/21564 SGI Security Advisory: 20060501-01-U ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc http://securityreason.com/securityalert/675 http://securityreason.com/achievement_securityalert/34 SuSE Security Announcement: SUSE-SA:2006:024 (Google Search) http://www.novell.com/linux/security/advisories/05-05-2006.html http://www.ubuntu.com/usn/usn-320-1 http://www.vupen.com/english/advisories/2006/1290 http://www.vupen.com/english/advisories/2006/2685 XForce ISS Database: php-phpinfo-long-array-xss(25702) https://exchange.xforce.ibmcloud.com/vulnerabilities/25702 Common Vulnerability Exposure (CVE) ID: CVE-2006-1494 BugTraq ID: 17439 http://www.securityfocus.com/bid/17439 Bugtraq: 20061005 rPSA-2006-0182-1 php php-mysql php-pgsql (Google Search) http://www.securityfocus.com/archive/1/447866/100/0/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10196 http://www.redhat.com/support/errata/RHSA-2006-0567.html http://www.redhat.com/support/errata/RHSA-2006-0568.html http://securitytracker.com/id?1015881 http://secunia.com/advisories/21031 http://secunia.com/advisories/21135 http://secunia.com/advisories/21202 http://secunia.com/advisories/21723 http://secunia.com/advisories/22225 SGI Security Advisory: 20060701-01-U ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://securityreason.com/securityalert/677 http://securityreason.com/achievement_securityalert/36 XForce ISS Database: php-tempnam-directory-traversal(25705) https://exchange.xforce.ibmcloud.com/vulnerabilities/25705 Common Vulnerability Exposure (CVE) ID: CVE-2006-1608 Bugtraq: 20060409 copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2 (Google Search) http://www.securityfocus.com/archive/1/430461/100/0/threaded Bugtraq: 20060718 new shell bypass safe mode (Google Search) http://www.securityfocus.com/archive/1/440869/100/0/threaded Bugtraq: 20060723 Re: new shell bypass safe mode (Google Search) http://www.securityfocus.com/archive/1/441210/100/0/threaded http://www.osvdb.org/24487 http://securitytracker.com/id?1015882 http://securityreason.com/securityalert/678 http://securityreason.com/achievement_securityalert/37 XForce ISS Database: php-copy-safemode-bypass(25706) https://exchange.xforce.ibmcloud.com/vulnerabilities/25706
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.