Test Kennung:	1.3.6.1.4.1.25623.1.0.57494
Kategorie:	Trustix Local Security Checks
Titel:	Trustix Security Advisory TSLSA-2006-0055 (Multiple packages)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory TSLSA-2006-0055. openldap < TSL 3.0 > < TSL 2.2 > < TSEL 2 > - SECURITY Fix: Howard Chu has reported a security issue in OpenLDAP, caused due to an error within the Access Control List processing. If a user has selfwrite access to an attribute, this can be exploited to modify arbitrary values of the attribute. The Common Vulnerabilities and Exposures project has assigned the name CVE-2006-4600 to this issue. php < TSL 3.0 > < TSL 2.2 > - SECURITY Fix: A vulnerability has been reported in PHP, caused due to an integer overflow within the _ecalloc function. This can potentially be exploited to execute arbitrary code via specially crafted requests if a PHP script allocates memory based on attacker supplied data. The Common Vulnerabilities and Exposures project has assigned the name CVE-2006-4812 to this issue. php4 < TSL 2.2 > - SECURITY Fix: A vulnerability has been reported in PHP, caused due to an integer overflow within the _ecalloc function. This can potentially be exploited to execute arbitrary code via specially crafted requests if a PHP script allocates memory based on attacker supplied data. The Common Vulnerabilities and Exposures project has assigned the name CVE-2006-4812 to this issue. Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0055 Risk factor : Critical CVSS Score: 10.0
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2006-4600 BugTraq ID: 19832 http://www.securityfocus.com/bid/19832 Bugtraq: 20060929 rPSA-2006-0176-1 openldap openldap-clients openldap-servers (Google Search) http://www.securityfocus.com/archive/1/447395/100/200/threaded http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html http://security.gentoo.org/glsa/glsa-200711-23.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:171 http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4587 http://www.openldap.org/lists/openldap-announce/200608/msg00000.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9618 http://www.redhat.com/support/errata/RHSA-2007-0310.html http://www.redhat.com/support/errata/RHSA-2007-0430.html http://securitytracker.com/id?1016783 http://secunia.com/advisories/21721 http://secunia.com/advisories/22219 http://secunia.com/advisories/22273 http://secunia.com/advisories/22300 http://secunia.com/advisories/25098 http://secunia.com/advisories/25628 http://secunia.com/advisories/25676 http://secunia.com/advisories/25894 http://secunia.com/advisories/26909 http://secunia.com/advisories/27706 SGI Security Advisory: 20070602-01-P ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://www.trustix.org/errata/2006/0055 http://www.vupen.com/english/advisories/2007/2186 http://www.vupen.com/english/advisories/2007/3229 XForce ISS Database: openldap-selfwrite-security-bypass(28772) https://exchange.xforce.ibmcloud.com/vulnerabilities/28772 Common Vulnerability Exposure (CVE) ID: CVE-2006-4812 1016984 http://securitytracker.com/id?1016984 1691 http://securityreason.com/securityalert/1691 2006-0055 20061009 Advisory 09/2006: PHP unserialize() Array Creation Integer Overflow http://www.securityfocus.com/archive/1/448014/100/0/threaded 20349 http://www.securityfocus.com/bid/20349 22280 http://secunia.com/advisories/22280 22281 http://secunia.com/advisories/22281 22300 22331 http://secunia.com/advisories/22331 22338 http://secunia.com/advisories/22338 22533 http://secunia.com/advisories/22533 22538 http://secunia.com/advisories/22538 22650 http://secunia.com/advisories/22650 ADV-2006-3922 http://www.vupen.com/english/advisories/2006/3922 GLSA-200610-14 http://www.gentoo.org/security/en/glsa/glsa-200610-14.xml OpenPKG-SA-2006.023 http://www.securityfocus.com/archive/1/448953/100/0/threaded RHSA-2006:0688 http://rhn.redhat.com/errata/RHSA-2006-0688.html RHSA-2006:0708 http://rhn.redhat.com/errata/RHSA-2006-0708.html SUSE-SA:2006:059 http://lists.suse.com/archive/suse-security-announce/2006-Oct/0002.html USN-362-1 http://www.ubuntu.com/usn/usn-362-1 http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162 http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm http://support.avaya.com/elmodocs2/security/ASA-2006-234.htm http://www.hardened-php.net/advisory_092006.133.html http://www.hardened-php.net/files/CVE-2006-4812.patch php-ecalloc-integer-overflow(29362) https://exchange.xforce.ibmcloud.com/vulnerabilities/29362
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.