Test ID: 1.3.6.1.4.1.25623.1.0.55191
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 789-1 (php4)
Summary: Debian Security Advisory DSA 789-1 (php4)
Description:
The remote host is missing an update to php4
announced via advisory DSA 789-1.

Several security related problems have been found in PHP4, the
server-side, HTML-embedded scripting language. The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2005-1751
Eric Romang discovered insecure temporary files in the shtool
utility shipped with PHP that can be exploited by a local attacker to
overwrite arbitrary files. Only this vulnerability affects
packages in oldstable.

CVE-2005-1921
GulfTech has discovered that PEAR XML_RPC is vulnerable to a
remote PHP code execution vulnerability that may allow an attacker
to compromise a vulnerable server.

CVE-2005-2498
Stefan Esser discovered another vulnerability in the XML-RPC
libraries that allows injection of arbitrary PHP code into eval()
statements.

For the old stable distribution (woody) these problems have been fixed in
version 4.1.2-7.woody5.

For the stable distribution (sarge) these problems have been fixed in
version 4.3.10-16.

For the unstable distribution (sid) these problems have been fixed in
version 4.4.0-2.

We recommend that you upgrade your PHP packages.


Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%20789-1

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2005-1751
http://www.zataz.net/adviso/shtool-05252005.txt
http://bugs.gentoo.org/show_bug.cgi?id=93782
Debian Security Information: DSA-789
http://www.debian.org/security/2005/dsa-789
http://www.gentoo.org/security/en/glsa/glsa-200506-08.xml
http://www.redhat.com/support/errata/RHSA-2005-564.html
BugTraq ID: 13767
http://www.securityfocus.com/bid/13767
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:345
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9639
http://securitytracker.com/id?1014059
http://secunia.com/advisories/15496
http://marc.info/?l=bugtraq&m=111955937622637&w=2
http://secunia.com/advisories/15668
Common Vulnerability Exposure (CVE) ID: CVE-2005-1921
Bugtraq: 20050629 Advisory 02/2005: Remote code execution in Serendipity
http://marc.info/?l=bugtraq&m=112008638320145&w=2
http://pear.php.net/package/XML_RPC/download/1.3.1
http://www.gulftech.org/?node=research&article_id=00087-07012005
http://www.hardened-php.net/advisory-022005.php
Debian Security Information: DSA-745
http://www.debian.org/security/2005/dsa-745
Debian Security Information: DSA-747
http://www.debian.org/security/2005/dsa-747
Debian Security Information: DSA-746
http://www.debian.org/security/2005/dsa-746
http://security.gentoo.org/glsa/glsa-200507-01.xml
http://security.gentoo.org/glsa/glsa-200507-06.xml
http://security.gentoo.org/glsa/glsa-200507-07.xml
HPdes Security Advisory: HPSBTU02083
http://www.securityfocus.com/archive/1/archive/1/419064/100/0/threaded
HPdes Security Advisory: SSRT051069
http://www.mandriva.com/security/advisories?name=MDKSA-2005:109
SuSE Security Announcement: SUSE-SA:2005:051
http://marc.info/?l=bugtraq&m=112605112027335&w=2
Bugtraq: 20050629 [DRUPAL-SA-2005-003] Drupal 4.6.2 / 4.5.4 fixes critical XML-RPC issue
http://marc.info/?l=bugtraq&m=112015336720867&w=2
SuSE Security Announcement: SUSE-SA:2005:041
http://www.novell.com/linux/security/advisories/2005_41_php_pear.html
SuSE Security Announcement: SUSE-SA:2005:049
http://www.novell.com/linux/security/advisories/2005_49_php.html
SuSE Security Announcement: SUSE-SR:2005:018
http://www.novell.com/linux/security/advisories/2005_18_sr.html
BugTraq ID: 14088
http://www.securityfocus.com/bid/14088
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11294
http://www.vupen.com/english/advisories/2005/2827
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:350
http://securitytracker.com/id?1015336
http://secunia.com/advisories/15852
http://secunia.com/advisories/15872
http://secunia.com/advisories/15944
http://secunia.com/advisories/15947
http://secunia.com/advisories/15957
http://secunia.com/advisories/16001
http://secunia.com/advisories/18003
http://secunia.com/advisories/15810
http://secunia.com/advisories/15855
http://secunia.com/advisories/15861
http://secunia.com/advisories/15883
http://secunia.com/advisories/15884
http://secunia.com/advisories/15895
http://secunia.com/advisories/15903
http://secunia.com/advisories/15904
http://secunia.com/advisories/15916
http://secunia.com/advisories/15917
http://secunia.com/advisories/15922
http://secunia.com/advisories/16339
http://secunia.com/advisories/16693
http://secunia.com/advisories/17440
http://secunia.com/advisories/17674
Common Vulnerability Exposure (CVE) ID: CVE-2005-2498
Bugtraq: 20050815 Advisory 15/2005: PHPXMLRPC Remote PHP Code Injection Vulnerability
http://www.securityfocus.com/archive/1/408125
http://www.hardened-php.net/advisory_152005.67.html
Bugtraq: 20050817 [PHPADSNEW-SA-2005-001] phpAdsNew and phpPgAds 2.0.6 fix multiple vulnerabilities
http://marc.info/?l=bugtraq&m=112431497300344&w=2
Bugtraq: 20050815 [DRUPAL-SA-2005-004] Drupal 4.6.3 / 4.5.5 fixes critical XML-RPC issue
http://marc.info/?l=bugtraq&m=112412415822890&w=2
Debian Security Information: DSA-798
http://www.debian.org/security/2005/dsa-798
Debian Security Information: DSA-840
http://www.debian.org/security/2005/dsa-840
Debian Security Information: DSA-842
http://www.debian.org/security/2005/dsa-842
http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html
http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml
http://www.redhat.com/support/errata/RHSA-2005-748.html
BugTraq ID: 14560
http://www.securityfocus.com/bid/14560
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9569
http://secunia.com/advisories/16431
http://secunia.com/advisories/16432
http://secunia.com/advisories/16441
http://secunia.com/advisories/16460
http://secunia.com/advisories/16465
http://secunia.com/advisories/16468
http://secunia.com/advisories/16469
http://secunia.com/advisories/16491
http://secunia.com/advisories/16550
http://secunia.com/advisories/16558
http://secunia.com/advisories/16563
http://secunia.com/advisories/16619
http://secunia.com/advisories/16635
http://secunia.com/advisories/16976
http://secunia.com/advisories/17053
http://secunia.com/advisories/17066
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
