Test Kennung:	1.3.6.1.4.1.25623.1.0.63482
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDVSA-2009:065 (php4)
Zusammenfassung:	The remote host is missing an update to php4;announced via advisory MDVSA-2009:065.
Beschreibung:	Summary: The remote host is missing an update to php4 announced via advisory MDVSA-2009:065. Vulnerability Insight: A vulnerability in the cURL library in PHP allowed context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files using a special URL request (CVE-2007-4850). improve mbfl_filt_conv_html_dec_flush() error handling in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c (CVE-2008-5557). PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server (CVE-2009-0754). The updated packages have been patched to correct these issues. Affected: Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4850 http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html BugTraq ID: 27413 http://www.securityfocus.com/bid/27413 BugTraq ID: 29009 http://www.securityfocus.com/bid/29009 BugTraq ID: 31681 http://www.securityfocus.com/bid/31681 Bugtraq: 20080122 PHP 5.2.5 cURL safe_mode bypass (Google Search) http://www.securityfocus.com/archive/1/486856/100/0/threaded Bugtraq: 20080527 rPSA-2008-0178-1 php php-mysql php-pgsql (Google Search) http://www.securityfocus.com/archive/1/492671/100/0/threaded http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059849.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:022 http://www.mandriva.com/security/advisories?name=MDVSA-2009:023 http://www.openwall.com/lists/oss-security/2008/05/02/2 http://secunia.com/advisories/30048 http://secunia.com/advisories/30411 http://secunia.com/advisories/31200 http://secunia.com/advisories/31326 http://secunia.com/advisories/32222 http://securityreason.com/securityalert/3562 http://securityreason.com/achievement_securityalert/51 http://www.ubuntu.com/usn/usn-628-1 http://www.vupen.com/english/advisories/2008/1412 http://www.vupen.com/english/advisories/2008/2268 http://www.vupen.com/english/advisories/2008/2780 XForce ISS Database: php-curlinit-security-bypass(39852) https://exchange.xforce.ibmcloud.com/vulnerabilities/39852 XForce ISS Database: php-safemode-directive-security-bypass(42134) https://exchange.xforce.ibmcloud.com/vulnerabilities/42134 Common Vulnerability Exposure (CVE) ID: CVE-2008-5557 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html BugTraq ID: 32948 http://www.securityfocus.com/bid/32948 Bugtraq: 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search) http://www.securityfocus.com/archive/1/501376/100/0/threaded Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html Debian Security Information: DSA-1789 (Google Search) http://www.debian.org/security/2009/dsa-1789 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0477.html HPdes Security Advisory: HPSBMA02492 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 HPdes Security Advisory: HPSBUX02431 http://marc.info/?l=bugtraq&m=124654546101607&w=2 HPdes Security Advisory: HPSBUX02465 http://marc.info/?l=bugtraq&m=125631037611762&w=2 HPdes Security Advisory: SSRT090085 HPdes Security Advisory: SSRT090192 HPdes Security Advisory: SSRT100079 http://www.mandriva.com/security/advisories?name=MDVSA-2009:045 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10286 http://www.redhat.com/support/errata/RHSA-2009-0350.html http://securitytracker.com/id?1021482 http://secunia.com/advisories/34642 http://secunia.com/advisories/35003 http://secunia.com/advisories/35074 http://secunia.com/advisories/35306 http://secunia.com/advisories/35650 SuSE Security Announcement: SUSE-SR:2009:004 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html SuSE Security Announcement: SUSE-SR:2009:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://www.vupen.com/english/advisories/2009/1297 XForce ISS Database: php-multibyte-bo(47525) https://exchange.xforce.ibmcloud.com/vulnerabilities/47525 Common Vulnerability Exposure (CVE) ID: CVE-2009-0754 http://www.openwall.com/lists/oss-security/2009/01/30/1 http://www.openwall.com/lists/oss-security/2009/02/03/3 http://www.openwall.com/lists/oss-security/2009/02/25/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11035 http://www.securitytracker.com/id?1021979 http://secunia.com/advisories/34830 http://secunia.com/advisories/35007 https://usn.ubuntu.com/761-1/
Copyright	Copyright (C) 2009 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.