English | Deutsch | Español | Português
 Benutzerkennung:
 Passwort:
Registrieren
 About:   Dediziert  | Erweitert  | Standard  | Wiederkehrend  | Risikolos  | Desktop  | Basis  | Einmalig  | Sicherheits Siegel  | FAQ
  Preis/Funktionszusammenfassung  | Bestellen  | Neue Anfälligkeiten  | Vertraulichkeit  | Anfälligkeiten Suche
 Anfälligkeitssuche        Suche in 76783 CVE Beschreibungen
und 40246 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.61225
Kategorie:Mandrake Local Security Checks
Titel:Mandrake Security Advisory MDVSA-2008:128 (php)
Zusammenfassung:Mandrake Security Advisory MDVSA-2008:128 (php)
Beschreibung:
The remote host is missing an update to php
announced via advisory MDVSA-2008:128.

A number of vulnerabilities have been found and corrected in PHP:

php-cgi in PHP prior to 5.2.6 does not properly calculate the length
of PATH_TRANSLATED, which has unknown impact and attack vectors
(CVE-2008-0599).

The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown
impact and context-dependent attack vectors related to incomplete
multibyte characters (CVE-2008-2051).

Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5
were discovered that could produce a zero seed in rare circumstances on
32bit systems and generations a portion of zero bits during conversion
due to insufficient precision on 64bit systems (CVE-2008-2107,
CVE-2008-2108).

The IMAP module in PHP uses obsolete API calls that allow
context-dependent attackers to cause a denial of service (crash)
via a long IMAP request (CVE-2008-2829).

In addition, the updated packages provide a number of bug fixes.

The updated packages have been patched to correct these issues.

Affected: 2008.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:128

Risk factor : Critical
Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2008-0599
Bugtraq: 20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search)
http://www.securityfocus.com/archive/1/archive/1/492535/100/0/threaded
http://www.openwall.com/lists/oss-security/2008/05/02/2
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html
http://security.gentoo.org/glsa/glsa-200811-05.xml
HPdes Security Advisory: HPSBUX02342
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01476437
HPdes Security Advisory: SSRT080063
HPdes Security Advisory: HPSBUX02431
http://marc.info/?l=bugtraq&m=124654546101607&w=2
HPdes Security Advisory: SSRT090085
HPdes Security Advisory: HPSBUX02465
http://marc.info/?l=bugtraq&m=125631037611762&w=2
HPdes Security Advisory: SSRT090192
http://www.mandriva.com/security/advisories?name=MDVSA-2008:127
http://www.mandriva.com/security/advisories?name=MDVSA-2008:128
http://www.redhat.com/support/errata/RHSA-2008-0505.html
http://marc.info/?l=slackware-security&m=121022465827871&w=2
http://www.ubuntu.com/usn/usn-628-1
CERT/CC vulnerability note: VU#147027
http://www.kb.cert.org/vuls/id/147027
BugTraq ID: 29009
http://www.securityfocus.com/bid/29009
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5510
http://secunia.com/advisories/35650
http://secunia.com/advisories/32746
http://www.vupen.com/english/advisories/2008/1412
http://www.vupen.com/english/advisories/2008/1810/references
http://www.vupen.com/english/advisories/2008/2268
http://www.securitytracker.com/id?1019958
http://secunia.com/advisories/30048
http://secunia.com/advisories/30345
http://secunia.com/advisories/30757
http://secunia.com/advisories/30828
http://secunia.com/advisories/31200
http://secunia.com/advisories/31326
http://secunia.com/advisories/30083
http://secunia.com/advisories/30616
XForce ISS Database: php-vector-unspecified(42137)
http://xforce.iss.net/xforce/xfdb/42137
Common Vulnerability Exposure (CVE) ID: CVE-2008-2051
Bugtraq: 20080527 rPSA-2008-0178-1 php php-mysql php-pgsql (Google Search)
http://www.securityfocus.com/archive/1/archive/1/492671/100/0/threaded
Debian Security Information: DSA-1578 (Google Search)
http://www.debian.org/security/2008/dsa-1578
Debian Security Information: DSA-1572 (Google Search)
http://www.debian.org/security/2008/dsa-1572
http://www.mandriva.com/security/advisories?name=MDVSA-2008:125
http://www.mandriva.com/security/advisories?name=MDVSA-2008:126
http://www.redhat.com/support/errata/RHSA-2008-0544.html
http://www.redhat.com/support/errata/RHSA-2008-0545.html
http://www.redhat.com/support/errata/RHSA-2008-0546.html
http://www.redhat.com/support/errata/RHSA-2008-0582.html
SuSE Security Announcement: SUSE-SR:2008:014 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10256
http://secunia.com/advisories/30288
http://secunia.com/advisories/30411
http://secunia.com/advisories/30967
http://secunia.com/advisories/31119
http://secunia.com/advisories/31124
http://secunia.com/advisories/30158
Common Vulnerability Exposure (CVE) ID: CVE-2008-2107
Bugtraq: 20080506 Advisory SE-2008-02: PHP GENERATE_SEED() Weak Random Number Seed Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/491683/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html
http://www.sektioneins.de/advisories/SE-2008-02.txt
Debian Security Information: DSA-1789 (Google Search)
http://www.debian.org/security/2009/dsa-1789
http://www.mandriva.com/security/advisories?name=MDVSA-2008:129
http://www.mandriva.com/security/advisories?name=MDVSA-2008:130
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10644
http://secunia.com/advisories/35003
http://securityreason.com/securityalert/3859
XForce ISS Database: php-generateseed-weak-security(42226)
http://xforce.iss.net/xforce/xfdb/42226
XForce ISS Database: php-generateseed-security-bypass(42284)
http://xforce.iss.net/xforce/xfdb/42284
Common Vulnerability Exposure (CVE) ID: CVE-2008-2108
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10844
Common Vulnerability Exposure (CVE) ID: CVE-2008-2829
Bugtraq: 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search)
http://www.securityfocus.com/archive/1/archive/1/501376/100/0/threaded
http://bugs.php.net/bug.php?id=42862
http://www.openwall.com/lists/oss-security/2008/06/19/6
http://www.openwall.com/lists/oss-security/2008/06/24/2
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
SuSE Security Announcement: SUSE-SR:2008:027 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
Cert/CC Advisory: TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
BugTraq ID: 29829
http://www.securityfocus.com/bid/29829
http://osvdb.org/46641
http://secunia.com/advisories/35074
http://secunia.com/advisories/35306
http://www.vupen.com/english/advisories/2009/1297
XForce ISS Database: php-phpimap-dos(43357)
http://xforce.iss.net/xforce/xfdb/43357
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 40246 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:
Benutzerkennung:
Passwort:
Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.
Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.
   Datenschutz
Anmeldung für registrierte Benutzer
 
Benutzerkennung:   
Passwort:  

 Benutzerkennung oder Passwort vergessen?
Email/Benutzerkennung:




Startseite | Über uns | Kontakt | Partnerprogramme | Developer APIs | Datenschutz | Mailinglisten | Missbrauch
Sicherheits Überprüfungen | Verwaltete DNS | Netzwerk Überwachung | Webseiten Analysator | Internet Recherche Berichte
Web Sonde | Whois

© 1998-2014 E-Soft Inc. Alle Rechte vorbehalten.