Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2014-460)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120101

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2014-460)

Resumen: The remote host is missing an update announced via the referenced Security Advisory.

Descripción: Summary:
The remote host is missing an update announced via the referenced Security Advisory.

Vulnerability Insight:
The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind. (CVE-2014-8088 )The 1.12.9, 2.2.8, and 2.3.3 releases of the Zend Framework fix an SQL injection issue when using the sqlsrv PHP extension. Full details are available in the upstream advisory. (CVE-2014-8089 )

Solution:
Run yum update php-ZendFramework to update your system.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-8088
BugTraq ID: 70378
http://www.securityfocus.com/bid/70378
Debian Security Information: DSA-3265 (Google Search)
http://www.debian.org/security/2015/dsa-3265
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141070.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141106.html
http://www.openwall.com/lists/oss-security/2014/10/10/5
XForce ISS Database: zend-framework-cve20148088-sec-bypass(97038)
https://exchange.xforce.ibmcloud.com/vulnerabilities/97038
Common Vulnerability Exposure (CVE) ID: CVE-2014-8089
BugTraq ID: 70011
http://www.securityfocus.com/bid/70011
http://framework.zend.com/security/advisory/ZF2014-06
http://seclists.org/oss-sec/2014/q4/276
https://bugzilla.redhat.com/show_bug.cgi?id=1151277

Copyright Copyright (C) 2015 Eero Volotinen

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120101
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2014-460)
Resumen:	The remote host is missing an update announced via the referenced Security Advisory.
Descripción:	Summary: The remote host is missing an update announced via the referenced Security Advisory. Vulnerability Insight: The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind. (CVE-2014-8088 )The 1.12.9, 2.2.8, and 2.3.3 releases of the Zend Framework fix an SQL injection issue when using the sqlsrv PHP extension. Full details are available in the upstream advisory. (CVE-2014-8089 ) Solution: Run yum update php-ZendFramework to update your system. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8088 BugTraq ID: 70378 http://www.securityfocus.com/bid/70378 Debian Security Information: DSA-3265 (Google Search) http://www.debian.org/security/2015/dsa-3265 http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141070.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141106.html http://www.openwall.com/lists/oss-security/2014/10/10/5 XForce ISS Database: zend-framework-cve20148088-sec-bypass(97038) https://exchange.xforce.ibmcloud.com/vulnerabilities/97038 Common Vulnerability Exposure (CVE) ID: CVE-2014-8089 BugTraq ID: 70011 http://www.securityfocus.com/bid/70011 http://framework.zend.com/security/advisory/ZF2014-06 http://seclists.org/oss-sec/2014/q4/276 https://bugzilla.redhat.com/show_bug.cgi?id=1151277
Copyright	Copyright (C) 2015 Eero Volotinen