ID de Prueba:	1.3.6.1.4.1.25623.1.0.58892
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2007:0153
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2007:0153. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A flaw was found in the way the mbstring extension set global variables. A script which used the mb_parse_str() function to set global variables could be forced to enable the register_globals configuration option, possibly resulting in global variable injection. (CVE-2007-1583) A heap based buffer overflow flaw was discovered in PHP's gd extension. A script that could be forced to process WBMP images from an untrusted source could result in arbitrary code execution. (CVE-2007-1001) A buffer over-read flaw was discovered in PHP's gd extension. A script that could be forced to write arbitrary string using a JIS font from an untrusted source could cause the PHP interpreter to crash. (CVE-2007-0455) A flaw was discovered in the way PHP's mail() function processed header data. If a script sent mail using a Subject header containing a string from an untrusted source, a remote attacker could send bulk e-mail to unintended recipients. (CVE-2007-1718) Users of PHP should upgrade to these updated packages which contain backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0153.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : High CVSS Score: 7.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-0455 2007-0007 http://www.trustix.org/errata/2007/0007 20070418 rPSA-2007-0073-1 php php-mysql php-pgsql http://www.securityfocus.com/archive/1/466166/100/0/threaded 22289 http://www.securityfocus.com/bid/22289 23916 http://secunia.com/advisories/23916 24022 http://secunia.com/advisories/24022 24052 http://secunia.com/advisories/24052 24053 http://secunia.com/advisories/24053 24107 http://secunia.com/advisories/24107 24143 http://secunia.com/advisories/24143 24151 http://secunia.com/advisories/24151 24924 http://secunia.com/advisories/24924 24945 http://secunia.com/advisories/24945 24965 http://secunia.com/advisories/24965 25575 http://secunia.com/advisories/25575 29157 http://secunia.com/advisories/29157 42813 http://secunia.com/advisories/42813 ADV-2007-0400 http://www.vupen.com/english/advisories/2007/0400 ADV-2011-0022 http://www.vupen.com/english/advisories/2011/0022 FEDORA-2007-150 http://fedoranews.org/cms/node/2631 FEDORA-2010-19022 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html FEDORA-2010-19033 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html MDKSA-2007:035 http://www.mandriva.com/security/advisories?name=MDKSA-2007:035 MDKSA-2007:036 http://www.mandriva.com/security/advisories?name=MDKSA-2007:036 MDKSA-2007:038 http://www.mandriva.com/security/advisories?name=MDKSA-2007:038 MDKSA-2007:109 http://www.mandriva.com/security/advisories?name=MDKSA-2007:109 RHSA-2007:0153 http://www.redhat.com/support/errata/RHSA-2007-0153.html RHSA-2007:0155 http://rhn.redhat.com/errata/RHSA-2007-0155.html RHSA-2007:0162 http://www.redhat.com/support/errata/RHSA-2007-0162.html RHSA-2008:0146 http://www.redhat.com/support/errata/RHSA-2008-0146.html USN-473-1 http://www.ubuntu.com/usn/usn-473-1 [security-announce] 20070208 rPSA-2007-0028-1 gd http://lists.rpath.com/pipermail/security-announce/2007-February/000145.html http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607 https://issues.rpath.com/browse/RPL-1030 https://issues.rpath.com/browse/RPL-1268 oval:org.mitre.oval:def:11303 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11303 Common Vulnerability Exposure (CVE) ID: CVE-2007-1001 20070407 PHP <= 5.2.1 wbmp file handling integer overflow http://www.securityfocus.com/archive/1/464957/100/0/threaded 23357 http://www.securityfocus.com/bid/23357 24814 http://secunia.com/advisories/24814 24909 http://secunia.com/advisories/24909 25056 http://secunia.com/advisories/25056 25151 http://secunia.com/advisories/25151 25159 http://www.securityfocus.com/bid/25159 25445 http://secunia.com/advisories/25445 26235 http://secunia.com/advisories/26235 ADV-2007-1269 http://www.vupen.com/english/advisories/2007/1269 ADV-2007-2732 http://www.vupen.com/english/advisories/2007/2732 APPLE-SA-2007-07-31 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html GLSA-200705-19 http://security.gentoo.org/glsa/glsa-200705-19.xml MDKSA-2007:087 http://www.mandriva.com/security/advisories?name=MDKSA-2007:087 MDKSA-2007:088 http://www.mandriva.com/security/advisories?name=MDKSA-2007:088 MDKSA-2007:089 http://www.mandriva.com/security/advisories?name=MDKSA-2007:089 MDKSA-2007:090 http://www.mandriva.com/security/advisories?name=MDKSA-2007:090 SSA:2007-127 http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.470053 SUSE-SA:2007:032 http://www.novell.com/linux/security/advisories/2007_32_php.html http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?r1=1.2.4.1&r2=1.2.4.1.8.1 http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?revision=1.2.4.1.8.1&view=markup http://docs.info.apple.com/article.html?artnum=306172 http://ifsec.blogspot.com/2007/04/php-521-wbmp-file-handling-integer.html http://us2.php.net/releases/4_4_7.php http://us2.php.net/releases/5_2_2.php oval:org.mitre.oval:def:10179 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10179 php-gd-overflow(33453) https://exchange.xforce.ibmcloud.com/vulnerabilities/33453 Common Vulnerability Exposure (CVE) ID: CVE-2007-1718 BugTraq ID: 23145 http://www.securityfocus.com/bid/23145 Debian Security Information: DSA-1282 (Google Search) http://www.debian.org/security/2007/dsa-1282 Debian Security Information: DSA-1283 (Google Search) http://www.debian.org/security/2007/dsa-1283 http://www.php-security.org/MOPB/MOPB-34-2007.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10951 RedHat Security Advisories: RHSA-2007:0155 http://www.securitytracker.com/id?1017946 http://secunia.com/advisories/25025 http://secunia.com/advisories/25057 http://secunia.com/advisories/25062 SuSE Security Announcement: SUSE-SA:2007:032 (Google Search) http://www.ubuntu.com/usn/usn-455-1 XForce ISS Database: php-mailfunction-header-injection(33516) https://exchange.xforce.ibmcloud.com/vulnerabilities/33516 Common Vulnerability Exposure (CVE) ID: CVE-2007-1583 BugTraq ID: 23016 http://www.securityfocus.com/bid/23016 BugTraq ID: 25159 Bugtraq: 20070418 rPSA-2007-0073-1 php php-mysql php-pgsql (Google Search) http://www.php-security.org/MOPB/MOPB-26-2007.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10245
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.