English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.58003
Categoría:Mandrake Local Security Checks
Título:Mandrake Security Advisory MDKSA-2007:038 (php)
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing an update to php
announced via advisory MDKSA-2007:038.

PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and
open_basedir restrictions via a malicious path and a null byte before a

in a session_save_path argument, followed by an allowed path, which
causes a parsing inconsistency in which PHP validates the allowed path
but sets session.save_path to the malicious path. (CVE-2006-6383)

Buffer overflow in the gdImageStringFTEx function in gdft.c in GD
Graphics Library 2.0.33 and earlier allows remote attackers to cause a
denial of service (application crash) and possibly execute arbitrary
code via a crafted string with a JIS encoded font. PHP uses an embedded
copy of GD and may be susceptible to the same issue. (CVE-2007-0455)

Updated packages have been patched to correct these issues. Users must
restart Apache for the changes to take effect.

Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0


Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:038

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-6383
BugTraq ID: 21508
http://www.securityfocus.com/bid/21508
Bugtraq: 20061208 PHP 5.2.0 session.save_path safe_mode and open_basedir bypass (Google Search)
http://www.securityfocus.com/archive/1/453938/30/9270/threaded
http://www.mandriva.com/security/advisories?name=MDKSA-2007:038
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html
http://secunia.com/advisories/24022
http://secunia.com/advisories/24514
http://securityreason.com/securityalert/2000
http://securityreason.com/achievement_securityalert/43
SuSE Security Announcement: SUSE-SA:2007:020 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html
Common Vulnerability Exposure (CVE) ID: CVE-2007-0455
BugTraq ID: 22289
http://www.securityfocus.com/bid/22289
Bugtraq: 20070418 rPSA-2007-0073-1 php php-mysql php-pgsql (Google Search)
http://www.securityfocus.com/archive/1/466166/100/0/threaded
http://fedoranews.org/cms/node/2631
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:035
http://www.mandriva.com/security/advisories?name=MDKSA-2007:036
http://www.mandriva.com/security/advisories?name=MDKSA-2007:109
http://lists.rpath.com/pipermail/security-announce/2007-February/000145.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11303
http://www.redhat.com/support/errata/RHSA-2007-0153.html
RedHat Security Advisories: RHSA-2007:0155
http://rhn.redhat.com/errata/RHSA-2007-0155.html
http://www.redhat.com/support/errata/RHSA-2007-0162.html
http://www.redhat.com/support/errata/RHSA-2008-0146.html
http://secunia.com/advisories/23916
http://secunia.com/advisories/24052
http://secunia.com/advisories/24053
http://secunia.com/advisories/24107
http://secunia.com/advisories/24143
http://secunia.com/advisories/24151
http://secunia.com/advisories/24924
http://secunia.com/advisories/24945
http://secunia.com/advisories/24965
http://secunia.com/advisories/25575
http://secunia.com/advisories/29157
http://secunia.com/advisories/42813
http://www.trustix.org/errata/2007/0007
http://www.ubuntu.com/usn/usn-473-1
http://www.vupen.com/english/advisories/2007/0400
http://www.vupen.com/english/advisories/2011/0022
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2024 E-Soft Inc. Todos los derechos reservados.