FreeBSD Local Security Checks : FreeBSD Ports: php5

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.62852
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: php5
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: php5 CVE-2008-2371 Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches. CVE-2008-2829 php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an 'rfc822.c legacy routine buffer overflow' error message. CVE-2008-3658 Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. CVE-2008-3659 Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible. CVE-2008-3660 PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2371 20081027 rPSA-2008-0305-1 pcre http://www.securityfocus.com/archive/1/497828/100/0/threaded 30087 http://www.securityfocus.com/bid/30087 30916 http://secunia.com/advisories/30916 30944 http://secunia.com/advisories/30944 30945 http://secunia.com/advisories/30945 30958 http://secunia.com/advisories/30958 30961 http://secunia.com/advisories/30961 30967 http://secunia.com/advisories/30967 30972 http://secunia.com/advisories/30972 30990 http://secunia.com/advisories/30990 31200 http://secunia.com/advisories/31200 31681 http://www.securityfocus.com/bid/31681 32222 http://secunia.com/advisories/32222 32454 http://secunia.com/advisories/32454 32746 http://secunia.com/advisories/32746 35074 http://secunia.com/advisories/35074 35650 http://secunia.com/advisories/35650 39300 http://secunia.com/advisories/39300 ADV-2008-2005 http://www.vupen.com/english/advisories/2008/2005 ADV-2008-2006 http://www.vupen.com/english/advisories/2008/2006 ADV-2008-2336 http://www.vupen.com/english/advisories/2008/2336 ADV-2008-2780 http://www.vupen.com/english/advisories/2008/2780 ADV-2009-1297 http://www.vupen.com/english/advisories/2009/1297 ADV-2010-0833 http://www.vupen.com/english/advisories/2010/0833 APPLE-SA-2008-10-09 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html APPLE-SA-2009-05-12 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html DSA-1602 http://www.debian.org/security/2008/dsa-1602 FEDORA-2008-6025 https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00105.html FEDORA-2008-6048 https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00123.html GLSA-200807-03 http://www.gentoo.org/security/en/glsa/glsa-200807-03.xml GLSA-200811-05 http://security.gentoo.org/glsa/glsa-200811-05.xml HPSBUX02431 http://marc.info/?l=bugtraq&m=124654546101607&w=2 HPSBUX02465 http://marc.info/?l=bugtraq&m=125631037611762&w=2 MDVSA-2008:147 http://www.mandriva.com/security/advisories?name=MDVSA-2008:147 MDVSA-2009:023 http://www.mandriva.com/security/advisories?name=MDVSA-2009:023 SSRT090085 SSRT090192 SUSE-SR:2008:014 http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html USN-624-1 http://www.ubuntu.com/usn/usn-624-1 USN-624-2 http://ubuntu.com/usn/usn-624-2 USN-628-1 http://www.ubuntu.com/usn/usn-628-1 http://bugs.gentoo.org/show_bug.cgi?id=228091 http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes http://support.apple.com/kb/HT3216 http://support.apple.com/kb/HT3549 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0305 Common Vulnerability Exposure (CVE) ID: CVE-2008-2829 BugTraq ID: 29829 http://www.securityfocus.com/bid/29829 Bugtraq: 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search) http://www.securityfocus.com/archive/1/501376/100/0/threaded Cert/CC Advisory: TA09-133A https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html HPdes Security Advisory: HPSBUX02431 HPdes Security Advisory: HPSBUX02465 HPdes Security Advisory: SSRT090085 HPdes Security Advisory: SSRT090192 http://www.mandriva.com/security/advisories?name=MDVSA-2008:126 http://www.mandriva.com/security/advisories?name=MDVSA-2008:127 http://www.mandriva.com/security/advisories?name=MDVSA-2008:128 http://bugs.php.net/bug.php?id=42862 http://www.openwall.com/lists/oss-security/2008/06/19/6 http://www.openwall.com/lists/oss-security/2008/06/24/2 http://osvdb.org/46641 http://secunia.com/advisories/35306 SuSE Security Announcement: SUSE-SR:2008:027 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html XForce ISS Database: php-phpimap-dos(43357) https://exchange.xforce.ibmcloud.com/vulnerabilities/43357 Common Vulnerability Exposure (CVE) ID: CVE-2008-3658 BugTraq ID: 30649 http://www.securityfocus.com/bid/30649 Debian Security Information: DSA-1647 (Google Search) http://www.debian.org/security/2008/dsa-1647 HPdes Security Advisory: HPSBTU02382 http://www.securityfocus.com/archive/1/498647/100/0/threaded HPdes Security Advisory: HPSBUX02401 http://marc.info/?l=bugtraq&m=123376588623823&w=2 HPdes Security Advisory: SSRT080132 HPdes Security Advisory: SSRT090005 http://www.mandriva.com/security/advisories?name=MDVSA-2009:021 http://www.mandriva.com/security/advisories?name=MDVSA-2009:022 http://www.mandriva.com/security/advisories?name=MDVSA-2009:024 http://news.php.net/php.cvs/51219 http://www.openwall.com/lists/oss-security/2008/08/08/2 http://www.openwall.com/lists/oss-security/2008/08/13/8 http://osvdb.org/47484 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9724 http://www.redhat.com/support/errata/RHSA-2009-0350.html http://secunia.com/advisories/31982 http://secunia.com/advisories/32148 http://secunia.com/advisories/32316 http://secunia.com/advisories/32884 http://secunia.com/advisories/33797 SuSE Security Announcement: SUSE-SR:2008:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html SuSE Security Announcement: SUSE-SR:2008:021 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html http://www.vupen.com/english/advisories/2008/3275 http://www.vupen.com/english/advisories/2009/0320 XForce ISS Database: php-imageloadfont-dos(44401) https://exchange.xforce.ibmcloud.com/vulnerabilities/44401 Common Vulnerability Exposure (CVE) ID: CVE-2008-3659 http://www.openwall.com/lists/oss-security/2008/08/08/3 http://www.openwall.com/lists/oss-security/2008/08/08/4 http://osvdb.org/47483 http://www.securitytracker.com/id?1020995 XForce ISS Database: php-memnstr-bo(44405) https://exchange.xforce.ibmcloud.com/vulnerabilities/44405 Common Vulnerability Exposure (CVE) ID: CVE-2008-3660 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9597 http://www.securitytracker.com/id?1020994 XForce ISS Database: php-curl-unspecified(44402) https://exchange.xforce.ibmcloud.com/vulnerabilities/44402
Copyright	Copyright (C) 2008 E-Soft Inc.