
Test ID: 1.3.6.1.4.1.25623.1.0.71135
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 2408-1 (php5)
Summary: Debian Security Advisory DSA 2408-1 (php5)
Description: The remote host is missing an update to php5
announced via advisory DSA 2408-1.

Several vulnerabilities have been discovered in PHP, the web scripting
language. The Common Vulnerabilities and Exposures project identifies
the following issues:

CVE-2011-1072

It was discovered that insecure handling of temporary files in the PEAR
installer could lead to denial of service.

CVE-2011-4153

Maksymilian Arciemowicz discovered that a NULL pointer dereference in
the zend_strndup() function could lead to denial of service.

CVE-2012-0781

Maksymilian Arciemowicz discovered that a NULL pointer dereference in
the tidy_diagnose() function could lead to denial of service.

CVE-2012-0788

It was discovered that missing checks in the handling of PDORow
objects could lead to denial of service.

CVE-2012-0831

It was discovered that the magic_quotes_gpc setting could be disabled
remotely.

This update also addresses PHP bugs, which are not treated as security issues
in Debian (see README.Debian.security), but which were fixed nonetheless:
CVE-2010-4697, CVE-2011-1092, CVE-2011-1148, CVE-2011-1464, CVE-2011-1467,
CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1657, CVE-2011-3182,
CVE-2011-3267

For the stable distribution (squeeze), this problem has been fixed in
version 5.3.3-7+squeeze8.

For the unstable distribution (sid), this problem has been fixed in
version 5.3.10-1.

We recommend that you upgrade your php5 packages.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%202408-1
Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2011-1072
http://openwall.com/lists/oss-security/2011/02/28/3
http://openwall.com/lists/oss-security/2011/02/28/5
http://openwall.com/lists/oss-security/2011/02/28/12
http://openwall.com/lists/oss-security/2011/03/01/4
http://openwall.com/lists/oss-security/2011/03/01/5
http://openwall.com/lists/oss-security/2011/03/01/7
http://openwall.com/lists/oss-security/2011/03/01/8
http://openwall.com/lists/oss-security/2011/03/01/9
http://www.mandriva.com/security/advisories?name=MDVSA-2011:187
http://www.redhat.com/support/errata/RHSA-2011-1741.html
BugTraq ID: 46605
http://www.securityfocus.com/bid/46605
http://secunia.com/advisories/43533
XForce ISS Database: pear-pear-installer-symlink(65721)
http://xforce.iss.net/xforce/xfdb/65721
Common Vulnerability Exposure (CVE) ID: CVE-2011-4153
Bugtraq: 20120114 PHP 5.3.8 Multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html
http://www.exploit-db.com/exploits/18370/
http://cxsecurity.com/research/103
HP Security Advisory: HPSBMU02786
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
HP Security Advisory: SSRT100877
HP Security Advisory: HPSBUX02791
http://marc.info/?l=bugtraq&m=134012830914727&w=2
HP Security Advisory: SSRT100856
SuSE Security Announcement: openSUSE-SU-2012:0426
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
http://secunia.com/advisories/48668
Common Vulnerability Exposure (CVE) ID: CVE-2012-0781
Common Vulnerability Exposure (CVE) ID: CVE-2012-0788
Common Vulnerability Exposure (CVE) ID: CVE-2012-0831
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html
RedHat Security Advisories: RHSA-2013:1307
http://rhn.redhat.com/errata/RHSA-2013-1307.html
http://www.ubuntu.com/usn/USN-1358-1
BugTraq ID: 51954
http://www.securityfocus.com/bid/51954
http://secunia.com/advisories/55078
XForce ISS Database: php-magicquotesgpc-sec-bypass(73125)
http://xforce.iss.net/xforce/xfdb/73125
Common Vulnerability Exposure (CVE) ID: CVE-2010-4697
BugTraq ID: 45952
http://www.securityfocus.com/bid/45952
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12528
XForce ISS Database: php-zendengine-code-execution(65310)
http://xforce.iss.net/xforce/xfdb/65310
Common Vulnerability Exposure (CVE) ID: CVE-2011-1092
http://www.exploit-db.com/exploits/16966
http://www.openwall.com/lists/oss-security/2011/03/08/9
http://www.openwall.com/lists/oss-security/2011/03/08/11
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:052
http://www.mandriva.com/security/advisories?name=MDVSA-2011:053
BugTraq ID: 46786
http://www.securityfocus.com/bid/46786
http://securityreason.com/securityalert/8130
http://www.vupen.com/english/advisories/2011/0744
XForce ISS Database: php-shmopread-overflow(65988)
http://xforce.iss.net/xforce/xfdb/65988
Common Vulnerability Exposure (CVE) ID: CVE-2011-1148
http://openwall.com/lists/oss-security/2011/03/13/2
http://openwall.com/lists/oss-security/2011/03/13/3
http://openwall.com/lists/oss-security/2011/03/13/9
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:165
http://www.redhat.com/support/errata/RHSA-2011-1423.html
BugTraq ID: 46843
http://www.securityfocus.com/bid/46843
BugTraq ID: 49241
http://www.securityfocus.com/bid/49241
XForce ISS Database: php-substrreplace-code-exec(66080)
http://xforce.iss.net/xforce/xfdb/66080
Common Vulnerability Exposure (CVE) ID: CVE-2011-1464
Common Vulnerability Exposure (CVE) ID: CVE-2011-1467
BugTraq ID: 46968
http://www.securityfocus.com/bid/46968
Common Vulnerability Exposure (CVE) ID: CVE-2011-1468
BugTraq ID: 46977
http://www.securityfocus.com/bid/46977
Common Vulnerability Exposure (CVE) ID: CVE-2011-1469
BugTraq ID: 46970
http://www.securityfocus.com/bid/46970
Common Vulnerability Exposure (CVE) ID: CVE-2011-1470
BugTraq ID: 46969
http://www.securityfocus.com/bid/46969
Common Vulnerability Exposure (CVE) ID: CVE-2011-1657
http://securityreason.com/achievement_securityalert/100
Bugtraq: 20110819 PHP 5.3.6 ZipArchive invalid use glob(3)
http://www.securityfocus.com/archive/1/archive/1/519385/100/0/threaded
http://www.openwall.com/lists/oss-security/2011/07/01/8
http://www.openwall.com/lists/oss-security/2011/07/01/7
http://www.openwall.com/lists/oss-security/2011/07/01/6
BugTraq ID: 49252
http://www.securityfocus.com/bid/49252
http://securityreason.com/securityalert/8342
XForce ISS Database: php-ziparchiveaddglob-dos(69320)
http://xforce.iss.net/xforce/xfdb/69320
Common Vulnerability Exposure (CVE) ID: CVE-2011-3182
http://securityreason.com/achievement_securityalert/101
http://marc.info/?l=full-disclosure&m=131373057621672&w=2
http://www.openwall.com/lists/oss-security/2011/08/22/9
BugTraq ID: 49249
http://www.securityfocus.com/bid/49249
XForce ISS Database: php-library-functions-dos(69430)
http://xforce.iss.net/xforce/xfdb/69430
Common Vulnerability Exposure (CVE) ID: CVE-2011-3267
http://osvdb.org/74739
XForce ISS Database: php-errorlog-dos(69428)
http://xforce.iss.net/xforce/xfdb/69428
Copyright: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
