English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.56765
Categoría:Red Hat Local Security Checks
Título:RedHat Security Advisory RHSA-2006:0501
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing updates announced in
advisory RHSA-2006:0501.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

The phpinfo() PHP function did not properly sanitize long strings. An
attacker could use this to perform cross-site scripting attacks against
sites that have publicly-available PHP scripts that call phpinfo().
(CVE-2006-0996)

The error handling output was found to not properly escape HTML output in
certain cases. An attacker could use this flaw to perform cross-site
scripting attacks against sites where both display_errors and html_errors
are enabled. (CVE-2006-0208)

A buffer overflow flaw was discovered in uw-imap, the University of
Washington's IMAP Server. php-imap is compiled against the static c-client
libraries from imap and therefore needed to be recompiled against the fixed
version. (CVE-2005-2933)

The wordwrap() PHP function did not properly check for integer overflow in
the handling of the break parameter. An attacker who could control the
string passed to the break parameter could cause a heap overflow.
(CVE-2006-1990)

Users of PHP should upgrade to these updated packages, which contain
backported patches that resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0501.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-2933
BugTraq ID: 15009
http://www.securityfocus.com/bid/15009
CERT/CC vulnerability note: VU#933601
http://www.kb.cert.org/vuls/id/933601
Debian Security Information: DSA-861 (Google Search)
http://www.debian.org/security/2005/dsa-861
http://www.securityfocus.com/archive/1/430296/100/0/threaded
http://www.securityfocus.com/archive/1/430303/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0081.html
http://www.gentoo.org/security/en/glsa/glsa-200510-10.xml
http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities&flashstatus=true
http://www.mandriva.com/security/advisories?name=MDKSA-2005:189
http://www.mandriva.com/security/advisories?name=MDKSA-2005:194
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9858
http://www.redhat.com/support/errata/RHSA-2005-848.html
http://www.redhat.com/support/errata/RHSA-2005-850.html
RedHat Security Advisories: RHSA-2006:0276
http://rhn.redhat.com/errata/RHSA-2006-0276.html
http://www.redhat.com/support/errata/RHSA-2006-0501.html
RedHat Security Advisories: RHSA-2006:0549
http://rhn.redhat.com/errata/RHSA-2006-0549.html
http://securitytracker.com/id?1015000
http://secunia.com/advisories/17062/
http://secunia.com/advisories/17148
http://secunia.com/advisories/17152
http://secunia.com/advisories/17215
http://secunia.com/advisories/17276
http://secunia.com/advisories/17336
http://secunia.com/advisories/17483
http://secunia.com/advisories/17928
http://secunia.com/advisories/17930
http://secunia.com/advisories/17950
http://secunia.com/advisories/18554
http://secunia.com/advisories/19832
http://secunia.com/advisories/20210
http://secunia.com/advisories/20222
http://secunia.com/advisories/20951
http://secunia.com/advisories/21252
http://secunia.com/advisories/21564
SGI Security Advisory: 20051201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
SGI Security Advisory: 20060501-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.500161
http://securityreason.com/securityalert/47
SuSE Security Announcement: SUSE-SR:2005:023 (Google Search)
http://www.novell.com/linux/security/advisories/2005_23_sr.html
http://www.vupen.com/english/advisories/2006/2685
XForce ISS Database: uw-imap-mailbox-name-bo(22518)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22518
Common Vulnerability Exposure (CVE) ID: CVE-2006-0208
BugTraq ID: 16803
http://www.securityfocus.com/bid/16803
http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:028
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10064
http://secunia.com/advisories/18431
http://secunia.com/advisories/18697
http://secunia.com/advisories/19012
http://secunia.com/advisories/19179
http://secunia.com/advisories/19355
SuSE Security Announcement: SUSE-SR:2006:004 (Google Search)
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html
https://usn.ubuntu.com/261-1/
http://www.vupen.com/english/advisories/2006/0177
http://www.vupen.com/english/advisories/2006/0369
Common Vulnerability Exposure (CVE) ID: CVE-2006-0996
BugTraq ID: 17362
http://www.securityfocus.com/bid/17362
http://security.gentoo.org/glsa/glsa-200605-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:074
http://marc.info/?l=php-cvs&m=114374620416389&w=2
http://www.osvdb.org/24484
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10997
http://securitytracker.com/id?1015879
http://secunia.com/advisories/19599
http://secunia.com/advisories/19775
http://secunia.com/advisories/19979
http://secunia.com/advisories/20052
http://secunia.com/advisories/21125
http://securityreason.com/securityalert/675
http://securityreason.com/achievement_securityalert/34
SuSE Security Announcement: SUSE-SA:2006:024 (Google Search)
http://www.novell.com/linux/security/advisories/05-05-2006.html
http://www.ubuntu.com/usn/usn-320-1
http://www.vupen.com/english/advisories/2006/1290
XForce ISS Database: php-phpinfo-long-array-xss(25702)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25702
Common Vulnerability Exposure (CVE) ID: CVE-2006-1990
1015979
http://securitytracker.com/id?1015979
19803
http://secunia.com/advisories/19803
20052
20060701-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
20061005 rPSA-2006-0182-1 php php-mysql php-pgsql
http://www.securityfocus.com/archive/1/447866/100/0/threaded
20222
20269
http://secunia.com/advisories/20269
20676
http://secunia.com/advisories/20676
21031
http://secunia.com/advisories/21031
21050
http://secunia.com/advisories/21050
21125
21135
http://secunia.com/advisories/21135
21252
21564
21723
http://secunia.com/advisories/21723
22225
http://secunia.com/advisories/22225
23155
http://secunia.com/advisories/23155
ADV-2006-1500
http://www.vupen.com/english/advisories/2006/1500
ADV-2006-4750
http://www.vupen.com/english/advisories/2006/4750
APPLE-SA-2006-11-28
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
GLSA-200605-08
MDKSA-2006:091
http://www.mandriva.com/security/advisories?name=MDKSA-2006:091
MDKSA-2006:122
http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
RHSA-2006:0501
RHSA-2006:0549
RHSA-2006:0568
http://www.redhat.com/support/errata/RHSA-2006-0568.html
SUSE-SA:2006:031
http://www.novell.com/linux/security/advisories/2006_31_php.html
TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
TLSA-2006-38
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
USN-320-1
http://docs.info.apple.com/article.html?artnum=304829
http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm
http://www.infigo.hr/en/in_focus/advisories/INFIGO-2006-04-02
https://issues.rpath.com/browse/RPL-683
oval:org.mitre.oval:def:9696
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9696
php-wordwrap-string-bo(26001)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26001
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.