FreeBSD Local Security Checks : php -- multiple vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52269

Categoría: FreeBSD Local Security Checks

Título: php -- multiple vulnerabilities

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

mod_php4-twig
php4-cgi
php4-cli
php4-dtc
php4-horde
php4-nms
php4
mod_php
mod_php4
php5
php5-cgi
php5-cli
mod_php5

CVE-2004-1019
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2
allows remote attackers to cause a denial of service and execute
arbitrary code via untrusted data to the unserialize function that may
trigger 'information disclosure, double free and negative reference
index array underflow' results.

CVE-2004-1065
Buffer overflow in the exif_read_data function in PHP before 4.3.10
and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary
code via a long section name in an image file.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-1019
Bugtraq: 20041215 Advisory 01/2004: Multiple vulnerabilities in PHP 4/5 (Google Search)
http://marc.info/?l=bugtraq&m=110314318531298&w=2
https://bugzilla.fedora.us/show_bug.cgi?id=2344
HPdes Security Advisory: HPSBMA01212
http://www.securityfocus.com/advisories/9028
http://www.mandriva.com/security/advisories?name=MDKSA-2004:151
http://www.hardened-php.net/advisories/012004.txt
http://msgs.securepoint.com/cgi-bin/get/bugtraq0412/157.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10511
http://www.redhat.com/support/errata/RHSA-2004-687.html
http://www.redhat.com/support/errata/RHSA-2005-032.html
http://www.redhat.com/support/errata/RHSA-2005-816.html
SuSE Security Announcement: SUSE-SA:2005:002 (Google Search)
http://www.novell.com/linux/security/advisories/2005_02_php4_mod_php4.html
SuSE Security Announcement: SUSE-SU-2015:0365 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html
SuSE Security Announcement: openSUSE-SU-2015:0325 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html
XForce ISS Database: php-unserialize-code-execution(18514)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18514
Common Vulnerability Exposure (CVE) ID: CVE-2004-1065
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10877
XForce ISS Database: php-exifreaddata-bo(18517)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18517

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52269
Categoría:	FreeBSD Local Security Checks
Título:	php -- multiple vulnerabilities
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: mod_php4-twig php4-cgi php4-cli php4-dtc php4-horde php4-nms php4 mod_php mod_php4 php5 php5-cgi php5-cli mod_php5 CVE-2004-1019 The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger 'information disclosure, double free and negative reference index array underflow' results. CVE-2004-1065 Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1019 Bugtraq: 20041215 Advisory 01/2004: Multiple vulnerabilities in PHP 4/5 (Google Search) http://marc.info/?l=bugtraq&m=110314318531298&w=2 https://bugzilla.fedora.us/show_bug.cgi?id=2344 HPdes Security Advisory: HPSBMA01212 http://www.securityfocus.com/advisories/9028 http://www.mandriva.com/security/advisories?name=MDKSA-2004:151 http://www.hardened-php.net/advisories/012004.txt http://msgs.securepoint.com/cgi-bin/get/bugtraq0412/157.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10511 http://www.redhat.com/support/errata/RHSA-2004-687.html http://www.redhat.com/support/errata/RHSA-2005-032.html http://www.redhat.com/support/errata/RHSA-2005-816.html SuSE Security Announcement: SUSE-SA:2005:002 (Google Search) http://www.novell.com/linux/security/advisories/2005_02_php4_mod_php4.html SuSE Security Announcement: SUSE-SU-2015:0365 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html SuSE Security Announcement: openSUSE-SU-2015:0325 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html XForce ISS Database: php-unserialize-code-execution(18514) https://exchange.xforce.ibmcloud.com/vulnerabilities/18514 Common Vulnerability Exposure (CVE) ID: CVE-2004-1065 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10877 XForce ISS Database: php-exifreaddata-bo(18517) https://exchange.xforce.ibmcloud.com/vulnerabilities/18517
Copyright	Copyright (C) 2008 E-Soft Inc.