 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.120517 |
| Categoría: | Amazon Linux Local Security Checks |
| Título: | Amazon Linux: Security Advisory (ALAS-2011-7) |
| Resumen: | The remote host is missing an update for the 'php' package(s) announced via the ALAS-2011-7 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'php' package(s) announced via the ALAS-2011-7 advisory. Vulnerability Insight: PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function. The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders. php: changes to is_a() in 5.3.7 may allow arbitrary code execution with certain code A signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. A stack-based buffer overflow flaw was found in the way the PHP socket extension handled long AF_UNIX socket addresses. An attacker able to make a PHP script connect to a long AF_UNIX socket address could use this flaw to crash the PHP interpreter. Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket. The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'php' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-1148 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html BugTraq ID: 46843 http://www.securityfocus.com/bid/46843 BugTraq ID: 49241 http://www.securityfocus.com/bid/49241 HPdes Security Advisory: HPSBOV02763 http://marc.info/?l=bugtraq&m=133469208622507&w=2 HPdes Security Advisory: SSRT100826 http://www.mandriva.com/security/advisories?name=MDVSA-2011:165 http://openwall.com/lists/oss-security/2011/03/13/2 http://openwall.com/lists/oss-security/2011/03/13/3 http://openwall.com/lists/oss-security/2011/03/13/9 http://www.redhat.com/support/errata/RHSA-2011-1423.html XForce ISS Database: php-substrreplace-code-exec(66080) https://exchange.xforce.ibmcloud.com/vulnerabilities/66080 Common Vulnerability Exposure (CVE) ID: CVE-2011-1938 Debian Security Information: DSA-2399 (Google Search) http://www.debian.org/security/2012/dsa-2399 http://www.exploit-db.com/exploits/17318/ http://openwall.com/lists/oss-security/2011/05/24/1 http://openwall.com/lists/oss-security/2011/05/24/9 http://osvdb.org/72644 http://securityreason.com/securityalert/8262 http://securityreason.com/securityalert/8294 XForce ISS Database: php-socketconnect-bo(67606) https://exchange.xforce.ibmcloud.com/vulnerabilities/67606 Common Vulnerability Exposure (CVE) ID: CVE-2011-2202 BugTraq ID: 48259 http://www.securityfocus.com/bid/48259 Debian Security Information: DSA-2266 (Google Search) http://www.debian.org/security/2011/dsa-2266 http://pastebin.com/1edSuSVN http://openwall.com/lists/oss-security/2011/06/12/5 http://openwall.com/lists/oss-security/2011/06/13/15 RedHat Security Advisories: RHSA-2012:0071 http://rhn.redhat.com/errata/RHSA-2012-0071.html http://securitytracker.com/id?1025659 http://secunia.com/advisories/44874 XForce ISS Database: php-sapiposthandlerfunc-sec-bypass(67999) https://exchange.xforce.ibmcloud.com/vulnerabilities/67999 Common Vulnerability Exposure (CVE) ID: CVE-2011-2483 Debian Security Information: DSA-2340 (Google Search) http://www.debian.org/security/2011/dsa-2340 http://www.mandriva.com/security/advisories?name=MDVSA-2011:178 http://www.mandriva.com/security/advisories?name=MDVSA-2011:179 http://www.mandriva.com/security/advisories?name=MDVSA-2011:180 http://freshmeat.net/projects/crypt_blowfish http://www.redhat.com/support/errata/RHSA-2011-1377.html http://www.redhat.com/support/errata/RHSA-2011-1378.html SuSE Security Announcement: SUSE-SA:2011:035 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html http://www.ubuntu.com/usn/USN-1229-1 XForce ISS Database: php-cryptblowfish-info-disclosure(69319) https://exchange.xforce.ibmcloud.com/vulnerabilities/69319 Common Vulnerability Exposure (CVE) ID: CVE-2011-3182 20110819 PHP 5.3.6 multiple null pointer dereference http://marc.info/?l=full-disclosure&m=131373057621672&w=2 http://securityreason.com/achievement_securityalert/101 49249 http://www.securityfocus.com/bid/49249 APPLE-SA-2012-02-01-1 MDVSA-2011:165 [oss-security] 20110822 CVE assignment php NULL pointer dereference - CVE-2011-3182 http://www.openwall.com/lists/oss-security/2011/08/22/9 http://support.apple.com/kb/HT5130 php-library-functions-dos(69430) https://exchange.xforce.ibmcloud.com/vulnerabilities/69430 Common Vulnerability Exposure (CVE) ID: CVE-2011-3379 20110923 Security issue is_a function in PHP 5.3.7+ http://www.securityfocus.com/archive/1/519770/30/0/threaded 8525 http://securityreason.com/securityalert/8525 HPSBMU02786 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 SSRT100877 http://svn.php.net/viewvc/?view=revision&revision=317183 http://www.byte.nl/blog/2011/09/23/security-bug-in-is_a-function-in-php-5-3-7-5-3-8/ https://bugs.php.net/bug.php?id=55475 https://bugzilla.redhat.com/show_bug.cgi?id=741020 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |