ID de Prueba:	1.3.6.1.4.1.25623.1.0.120098
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2012-95)
Resumen:	The remote host is missing an update for the 'php' package(s) announced via the ALAS-2012-95 advisory.
Descripción:	Summary: The remote host is missing an update for the 'php' package(s) announced via the ALAS-2012-95 advisory. Vulnerability Insight: Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow. The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password. Affected Software/OS: 'php' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2143 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html Debian Security Information: DSA-2491 (Google Search) http://www.debian.org/security/2012/dsa-2491 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html FreeBSD Security Advisory: FreeBSD-SA-12:02 http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc http://www.mandriva.com/security/advisories?name=MDVSA-2012:092 RedHat Security Advisories: RHSA-2012:1037 http://rhn.redhat.com/errata/RHSA-2012-1037.html http://www.securitytracker.com/id?1026995 http://secunia.com/advisories/49304 http://secunia.com/advisories/50718 SuSE Security Announcement: SUSE-SU-2012:0840 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html SuSE Security Announcement: openSUSE-SU-2012:1251 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html SuSE Security Announcement: openSUSE-SU-2012:1288 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html SuSE Security Announcement: openSUSE-SU-2012:1299 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html Common Vulnerability Exposure (CVE) ID: CVE-2012-2386 APPLE-SA-2012-09-19-2 SUSE-SU-2012:0840 [oss-security] 20120522 Re: CVE request: PHP Phar - arbitrary code execution http://openwall.com/lists/oss-security/2012/05/22/10 http://0x1byte.blogspot.com/2011/04/php-phar-extension-heap-overflow.html http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=158d8a6b088662ce9d31e0c777c6ebe90efdc854 http://support.apple.com/kb/HT5501 http://www.php.net/ChangeLog-5.php https://bugs.php.net/bug.php?id=61065 https://bugzilla.redhat.com/show_bug.cgi?id=823594
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.