Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2012-41)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120256

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2012-41)

Resumen: The remote host is missing an update for the 'php' package(s) announced via the ALAS-2012-41 advisory.

Descripción: Summary:
The remote host is missing an update for the 'php' package(s) announced via the ALAS-2012-41 advisory.

Vulnerability Insight:
It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code.

Affected Software/OS:
'php' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-0830
1026631
http://securitytracker.com/id?1026631
47801
http://secunia.com/advisories/47801
47806
http://secunia.com/advisories/47806
47813
http://secunia.com/advisories/47813
48668
http://secunia.com/advisories/48668
51830
http://www.securityfocus.com/bid/51830
78819
http://www.osvdb.org/78819
APPLE-SA-2012-05-09-1
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
DSA-2403
http://www.debian.org/security/2012/dsa-2403
HPSBMU02786
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
HPSBUX02791
http://marc.info/?l=bugtraq&m=134012830914727&w=2
RHSA-2012:0092
http://rhn.redhat.com/errata/RHSA-2012-0092.html
SSRT100856
SSRT100877
SUSE-SU-2012:0411
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html
[oss-security] 20120202 PHP remote code execution introduced via HashDoS fix
http://openwall.com/lists/oss-security/2012/02/02/12
[oss-security] 20120203 Re: PHP remote code execution introduced via HashDoS fix
http://openwall.com/lists/oss-security/2012/02/03/1
http://support.apple.com/kb/HT5281
http://svn.php.net/viewvc?view=revision&revision=323007
http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html
http://www.php.net/ChangeLog-5.php#5.3.10
https://gist.github.com/1725489
openSUSE-SU-2012:0426
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
php-phpregistervariableex-code-exec(72911)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72911

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120256
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2012-41)
Resumen:	The remote host is missing an update for the 'php' package(s) announced via the ALAS-2012-41 advisory.
Descripción:	Summary: The remote host is missing an update for the 'php' package(s) announced via the ALAS-2012-41 advisory. Vulnerability Insight: It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. Affected Software/OS: 'php' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0830 1026631 http://securitytracker.com/id?1026631 47801 http://secunia.com/advisories/47801 47806 http://secunia.com/advisories/47806 47813 http://secunia.com/advisories/47813 48668 http://secunia.com/advisories/48668 51830 http://www.securityfocus.com/bid/51830 78819 http://www.osvdb.org/78819 APPLE-SA-2012-05-09-1 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html DSA-2403 http://www.debian.org/security/2012/dsa-2403 HPSBMU02786 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 HPSBUX02791 http://marc.info/?l=bugtraq&m=134012830914727&w=2 RHSA-2012:0092 http://rhn.redhat.com/errata/RHSA-2012-0092.html SSRT100856 SSRT100877 SUSE-SU-2012:0411 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html [oss-security] 20120202 PHP remote code execution introduced via HashDoS fix http://openwall.com/lists/oss-security/2012/02/02/12 [oss-security] 20120203 Re: PHP remote code execution introduced via HashDoS fix http://openwall.com/lists/oss-security/2012/02/03/1 http://support.apple.com/kb/HT5281 http://svn.php.net/viewvc?view=revision&revision=323007 http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/ http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html http://www.php.net/ChangeLog-5.php#5.3.10 https://gist.github.com/1725489 openSUSE-SU-2012:0426 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html php-phpregistervariableex-code-exec(72911) https://exchange.xforce.ibmcloud.com/vulnerabilities/72911
Copyright	Copyright (C) 2015 Greenbone AG