Test ID: | 1.3.6.1.4.1.25623.1.0.66710 |
Category: | Mandrake Local Security Checks |
Title: | Mandriva Security Advisory MDVSA-2010:008 (php) |
Summary: | NOSUMMARY |
Description: | The remote host is missing an update to php announced via advisory MDVSA-2010:008.

Multiple vulnerabilities have been found and corrected in php:

The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable (CVE-2009-2626).

The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character (CVE-2009-4142).

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

The updated packages have been patched to correct these issues.

Affected: 2008.0, 2009.0, Corporate 4.0, Enterprise Server 5.0

Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:008

Risk factor: High
CVSS Score: 6.4 |
Cross-reference: |

Common Vulnerability Exposure (CVE) ID: CVE-2009-2626
BugTraq ID: 36009 http://www.securityfocus.com/bid/36009
Debian Security Information: DSA-1940 http://www.debian.org/security/2009/dsa-1940
http://secunia.com/advisories/37482
http://securityreason.com/achievement_securityalert/65

Common Vulnerability Exposure (CVE) ID: CVE-2009-4142
1023372 http://securitytracker.com/id?1023372
37389 http://www.securityfocus.com/bid/37389
37821 http://secunia.com/advisories/37821
38648 http://secunia.com/advisories/38648
40262 http://secunia.com/advisories/40262
ADV-2009-3593 http://www.vupen.com/english/advisories/2009/3593
APPLE-SA-2010-03-29-1 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
DSA-2001 http://www.debian.org/security/2010/dsa-2001
HPSBUX02543 http://marc.info/?l=bugtraq&m=127680701405735&w=2
SSRT100152
http://bugs.php.net/bug.php?id=49785
http://support.apple.com/kb/HT4077
http://www.php.net/ChangeLog-5.php
http://www.php.net/releases/5_2_12.php
oval:org.mitre.oval:def:10005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10005
oval:org.mitre.oval:def:7085 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7085 |
Copyright | Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com |