Test Kennung:	1.3.6.1.4.1.25623.1.0.70759
Kategorie:	FreeBSD Local Security Checks
Titel:	FreeBSD Ports: php5, php5-exif
Zusammenfassung:	The remote host is missing an update to the system; as announced in the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: php5 php5-exif php52 php52-exif CVE-2011-4566 Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. CVE-2011-4885 PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4566 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html BugTraq ID: 50907 http://www.securityfocus.com/bid/50907 Debian Security Information: DSA-2399 (Google Search) http://www.debian.org/security/2012/dsa-2399 http://www.mandriva.com/security/advisories?name=MDVSA-2011:197 http://www.redhat.com/support/errata/RHSA-2012-0019.html RedHat Security Advisories: RHSA-2012:0071 http://rhn.redhat.com/errata/RHSA-2012-0071.html http://secunia.com/advisories/47253 http://secunia.com/advisories/48668 SuSE Security Announcement: openSUSE-SU-2012:0426 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html https://www.ubuntu.com/usn/USN-1307-1/ XForce ISS Database: php-exifprocessifdtag-dos(71612) https://exchange.xforce.ibmcloud.com/vulnerabilities/71612 Common Vulnerability Exposure (CVE) ID: CVE-2011-4885 BugTraq ID: 51193 http://www.securityfocus.com/bid/51193 Bugtraq: 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table (Google Search) http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html CERT/CC vulnerability note: VU#903934 http://www.kb.cert.org/vuls/id/903934 http://www.exploit-db.com/exploits/18296 http://www.exploit-db.com/exploits/18305 HPdes Security Advisory: HPSBMU02786 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 HPdes Security Advisory: HPSBOV02763 http://marc.info/?l=bugtraq&m=133469208622507&w=2 HPdes Security Advisory: HPSBUX02741 http://marc.info/?l=bugtraq&m=132871655717248&w=2 HPdes Security Advisory: SSRT100728 HPdes Security Advisory: SSRT100826 HPdes Security Advisory: SSRT100877 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.nruns.com/_downloads/advisory28122011.pdf http://www.ocert.org/advisories/ocert-2011-003.html https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py http://www.securitytracker.com/id?1026473 http://secunia.com/advisories/47404 SuSE Security Announcement: SUSE-SU-2012:0411 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html XForce ISS Database: php-hash-dos(72021) https://exchange.xforce.ibmcloud.com/vulnerabilities/72021
Copyright	Copyright (C) 2012 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.