ID de Prueba:	1.3.6.1.4.1.25623.1.0.57448
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2006:0708
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2006:0708. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. An integer overflow was discovered in the PHP memory handling routines. If a script can cause memory allocation based on untrusted user data, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user. (CVE-2006-4812) This issue did not affect the PHP packages distributed with Red Hat Enterprise Linux 3 or 4. Users of PHP should upgrade to these updated packages which contain a backported patch that corrects this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0708.html http://www.redhat.com/security/updates/classification/#important Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-4812 1016984 http://securitytracker.com/id?1016984 1691 http://securityreason.com/securityalert/1691 2006-0055 http://www.trustix.org/errata/2006/0055 20061009 Advisory 09/2006: PHP unserialize() Array Creation Integer Overflow http://www.securityfocus.com/archive/1/448014/100/0/threaded 20349 http://www.securityfocus.com/bid/20349 22280 http://secunia.com/advisories/22280 22281 http://secunia.com/advisories/22281 22300 http://secunia.com/advisories/22300 22331 http://secunia.com/advisories/22331 22338 http://secunia.com/advisories/22338 22533 http://secunia.com/advisories/22533 22538 http://secunia.com/advisories/22538 22650 http://secunia.com/advisories/22650 ADV-2006-3922 http://www.vupen.com/english/advisories/2006/3922 GLSA-200610-14 http://www.gentoo.org/security/en/glsa/glsa-200610-14.xml OpenPKG-SA-2006.023 http://www.securityfocus.com/archive/1/448953/100/0/threaded RHSA-2006:0688 http://rhn.redhat.com/errata/RHSA-2006-0688.html RHSA-2006:0708 http://rhn.redhat.com/errata/RHSA-2006-0708.html SUSE-SA:2006:059 http://lists.suse.com/archive/suse-security-announce/2006-Oct/0002.html USN-362-1 http://www.ubuntu.com/usn/usn-362-1 http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162 http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm http://support.avaya.com/elmodocs2/security/ASA-2006-234.htm http://www.hardened-php.net/advisory_092006.133.html http://www.hardened-php.net/files/CVE-2006-4812.patch php-ecalloc-integer-overflow(29362) https://exchange.xforce.ibmcloud.com/vulnerabilities/29362
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.