Test Kennung:	1.3.6.1.4.1.25623.1.0.900185
Kategorie:	Buffer overflow
Titel:	PHP Heap-based buffer overflow in 'mbstring' extension
Zusammenfassung:	PHP is prone to a buffer overflow vulnerability.
Beschreibung:	Summary: PHP is prone to a buffer overflow vulnerability. Vulnerability Insight: The flaw is due to error in mbfilter_htmlent.c file in the mbstring extension. These can be exploited via mb_convert_encoding, mb_check_encoding, mb_convert_variables, and mb_parse_str functions. Vulnerability Impact: Successful exploitation could allow attackers to execute arbitrary code via a crafted string containing an HTML entity. Affected Software/OS: PHP version 4.3.0 to 5.2.6 on all running platform. Solution: Update to version 5.2.7 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5557 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html BugTraq ID: 32948 http://www.securityfocus.com/bid/32948 Bugtraq: 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search) http://www.securityfocus.com/archive/1/501376/100/0/threaded Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html Debian Security Information: DSA-1789 (Google Search) http://www.debian.org/security/2009/dsa-1789 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0477.html HPdes Security Advisory: HPSBMA02492 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 HPdes Security Advisory: HPSBUX02431 http://marc.info/?l=bugtraq&m=124654546101607&w=2 HPdes Security Advisory: HPSBUX02465 http://marc.info/?l=bugtraq&m=125631037611762&w=2 HPdes Security Advisory: SSRT090085 HPdes Security Advisory: SSRT090192 HPdes Security Advisory: SSRT100079 http://www.mandriva.com/security/advisories?name=MDVSA-2009:045 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10286 http://www.redhat.com/support/errata/RHSA-2009-0350.html http://securitytracker.com/id?1021482 http://secunia.com/advisories/34642 http://secunia.com/advisories/35003 http://secunia.com/advisories/35074 http://secunia.com/advisories/35306 http://secunia.com/advisories/35650 SuSE Security Announcement: SUSE-SR:2009:004 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html SuSE Security Announcement: SUSE-SR:2009:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://www.vupen.com/english/advisories/2009/1297 XForce ISS Database: php-multibyte-bo(47525) https://exchange.xforce.ibmcloud.com/vulnerabilities/47525
Copyright	Copyright (C) 2008 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.