Test Kennung:	1.3.6.1.4.1.25623.1.0.902436
Kategorie:	Buffer overflow
Titel:	PHP 'socket_connect()' Buffer Overflow Vulnerability - Windows
Zusammenfassung:	PHP is prone to a stack buffer overflow vulnerability.
Beschreibung:	Summary: PHP is prone to a stack buffer overflow vulnerability. Vulnerability Insight: The flaw is due to an error in the 'socket_connect()' function within socket module. It uses memcpy to copy path from addr to s_un without checking addr length in case when AF_UNIX socket is used. Vulnerability Impact: Successful exploitation could allow remote attackers to execute arbitrary code or to cause denial of service condition. Affected Software/OS: PHP Version 5.3.5 and prior on Windows. Solution: Update to version 5.3.7 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1938 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html BugTraq ID: 49241 http://www.securityfocus.com/bid/49241 Debian Security Information: DSA-2399 (Google Search) http://www.debian.org/security/2012/dsa-2399 http://www.exploit-db.com/exploits/17318/ HPdes Security Advisory: HPSBOV02763 http://marc.info/?l=bugtraq&m=133469208622507&w=2 HPdes Security Advisory: SSRT100826 http://www.mandriva.com/security/advisories?name=MDVSA-2011:165 http://openwall.com/lists/oss-security/2011/05/24/1 http://openwall.com/lists/oss-security/2011/05/24/9 http://osvdb.org/72644 http://www.redhat.com/support/errata/RHSA-2011-1423.html http://securityreason.com/securityalert/8262 http://securityreason.com/securityalert/8294 XForce ISS Database: php-socketconnect-bo(67606) https://exchange.xforce.ibmcloud.com/vulnerabilities/67606
Copyright	Copyright (C) 2011 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.