Test Kennung:	1.3.6.1.4.1.25623.1.0.66065
Kategorie:	FreeBSD Local Security Checks
Titel:	FreeBSD Ports: php5
Zusammenfassung:	The remote host is missing an update to the system; as announced in the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: php5 CVE-2009-3291 The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates. CVE-2009-3292 Unspecified vulnerability in PHP before 5.2.11 has unknown impact and attack vectors related to 'missing sanity checks around exif processing.' CVE-2009-3293 Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect 'sanity check for the color index.' Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3291 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html Debian Security Information: DSA-1940 (Google Search) http://www.debian.org/security/2009/dsa-1940 HPdes Security Advisory: HPSBOV02683 http://marc.info/?l=bugtraq&m=130497311408250&w=2 HPdes Security Advisory: HPSBUX02543 http://marc.info/?l=bugtraq&m=127680701405735&w=2 HPdes Security Advisory: SSRT090208 HPdes Security Advisory: SSRT100152 http://www.osvdb.org/58185 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10438 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7394 http://www.securitytracker.com/id?1022914 http://secunia.com/advisories/36791 http://secunia.com/advisories/37482 http://secunia.com/advisories/40262 SuSE Security Announcement: SUSE-SR:2009:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://www.vupen.com/english/advisories/2009/3184 XForce ISS Database: php-certificate-unspecified(53334) https://exchange.xforce.ibmcloud.com/vulnerabilities/53334 Common Vulnerability Exposure (CVE) ID: CVE-2009-3292 http://www.mandriva.com/security/advisories?name=MDVSA-2009:302 http://www.openwall.com/lists/oss-security/2009/11/20/2 http://www.openwall.com/lists/oss-security/2009/11/20/3 http://news.php.net/php.announce/79 http://www.osvdb.org/58186 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7652 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9982 http://secunia.com/advisories/37412 Common Vulnerability Exposure (CVE) ID: CVE-2009-3293 http://www.osvdb.org/58187 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7047
Copyright	Copyright (C) 2009 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.