FreeBSD Local Security Checks : FreeBSD Ports: php5

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.60889

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: php5

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: php5

CVE-2008-1384
Integer overflow in PHP 5.2.5 and earlier allows context-dependent
attackers to cause a denial of service and possibly have unspecified
other impact via a printf format parameter with a large width
specifier, related to the php_sprintf_appendstring function in
formatted_print.c and probably other functions for formatted strings
(aka *printf functions).

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-1384
BugTraq ID: 28392
http://www.securityfocus.com/bid/28392
Bugtraq: 20080321 {securityreason.com}PHP 5 *printf() - Integer Overflow (Google Search)
http://www.securityfocus.com/archive/1/489962/100/0/threaded
Bugtraq: 20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search)
http://www.securityfocus.com/archive/1/492535/100/0/threaded
Bugtraq: 20080527 rPSA-2008-0178-1 php php-mysql php-pgsql (Google Search)
http://www.securityfocus.com/archive/1/492671/100/0/threaded
Debian Security Information: DSA-1572 (Google Search)
http://www.debian.org/security/2008/dsa-1572
http://security.gentoo.org/glsa/glsa-200811-05.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:022
http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
http://secunia.com/advisories/30158
http://secunia.com/advisories/30345
http://secunia.com/advisories/30411
http://secunia.com/advisories/30967
http://secunia.com/advisories/31200
http://secunia.com/advisories/32746
http://securityreason.com/achievement_securityalert/52
SuSE Security Announcement: SUSE-SR:2008:014 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://www.ubuntu.com/usn/usn-628-1
XForce ISS Database: php-phpsprintfappendstring-overflow(41386)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41386

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.60889
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: php5
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: php5 CVE-2008-1384 Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions). Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1384 BugTraq ID: 28392 http://www.securityfocus.com/bid/28392 Bugtraq: 20080321 {securityreason.com}PHP 5 *printf() - Integer Overflow (Google Search) http://www.securityfocus.com/archive/1/489962/100/0/threaded Bugtraq: 20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search) http://www.securityfocus.com/archive/1/492535/100/0/threaded Bugtraq: 20080527 rPSA-2008-0178-1 php php-mysql php-pgsql (Google Search) http://www.securityfocus.com/archive/1/492671/100/0/threaded Debian Security Information: DSA-1572 (Google Search) http://www.debian.org/security/2008/dsa-1572 http://security.gentoo.org/glsa/glsa-200811-05.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:022 http://www.mandriva.com/security/advisories?name=MDVSA-2009:023 http://secunia.com/advisories/30158 http://secunia.com/advisories/30345 http://secunia.com/advisories/30411 http://secunia.com/advisories/30967 http://secunia.com/advisories/31200 http://secunia.com/advisories/32746 http://securityreason.com/achievement_securityalert/52 SuSE Security Announcement: SUSE-SR:2008:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://www.ubuntu.com/usn/usn-628-1 XForce ISS Database: php-phpsprintfappendstring-overflow(41386) https://exchange.xforce.ibmcloud.com/vulnerabilities/41386
Copyright	Copyright (C) 2008 E-Soft Inc.