Red Hat Local Security Checks : RedHat Security Advisory RHSA-2006:0731

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.62908

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2006:0731

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2006:0731.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

The Hardened-PHP Project discovered an overflow in the PHP htmlentities()
and htmlspecialchars() routines. If a PHP script used the vulnerable
functions to parse UTF-8 data, a remote attacker sending a carefully
crafted request could trigger the overflow and potentially execute
arbitrary code as the 'apache' user. (CVE-2006-5465)

Users of PHP should upgrade to these updated packages which contain a
backported patch to correct this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0731.html
http://www.hardened-php.net/advisory_132006.138.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-5465
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
BugTraq ID: 20879
http://www.securityfocus.com/bid/20879
Bugtraq: 20061102 Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/450431/100/0/threaded
Bugtraq: 20061109 rPSA-2006-0205-1 php php-mysql php-pgsql (Google Search)
http://www.securityfocus.com/archive/1/451098/100/0/threaded
Bugtraq: 20061129 SYM06-023, Symantec NetBackup PureDisk: PHP update to Address Reported Security Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/453024/100/0/threaded
Cert/CC Advisory: TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
Cisco Security Advisory: 20070425 Cisco Applied Intelligence Response: Identifying and Mitigating Exploitation of the PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces
http://www.cisco.com/warp/public/707/cisco-air-20070425-http.shtml
Cisco Security Advisory: 20070425 PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces
http://www.cisco.com/en/US/products/products_security_response09186a008082c4fe.html
Debian Security Information: DSA-1206 (Google Search)
http://www.debian.org/security/2006/dsa-1206
http://security.gentoo.org/glsa/glsa-200703-21.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:196
http://www.hardened-php.net/advisory_132006.138.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.028.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10240
http://www.redhat.com/support/errata/RHSA-2006-0730.html
http://www.redhat.com/support/errata/RHSA-2006-0731.html
RedHat Security Advisories: RHSA-2006:0736
http://rhn.redhat.com/errata/RHSA-2006-0736.html
http://securitytracker.com/id?1017152
http://securitytracker.com/id?1017296
http://secunia.com/advisories/22653
http://secunia.com/advisories/22685
http://secunia.com/advisories/22688
http://secunia.com/advisories/22693
http://secunia.com/advisories/22713
http://secunia.com/advisories/22753
http://secunia.com/advisories/22759
http://secunia.com/advisories/22779
http://secunia.com/advisories/22881
http://secunia.com/advisories/22929
http://secunia.com/advisories/23139
http://secunia.com/advisories/23155
http://secunia.com/advisories/23247
http://secunia.com/advisories/24606
http://secunia.com/advisories/25047
SGI Security Advisory: 20061101-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
SuSE Security Announcement: SUSE-SA:2006:067 (Google Search)
http://www.novell.com/linux/security/advisories/2006_67_php.html
http://www.trustix.org/errata/2006/0061/
TurboLinux Advisory: TLSA-2006-38
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
http://www.ubuntu.com/usn/usn-375-1
http://www.vupen.com/english/advisories/2006/4317
http://www.vupen.com/english/advisories/2006/4749
http://www.vupen.com/english/advisories/2006/4750
http://www.vupen.com/english/advisories/2007/1546
XForce ISS Database: php-htmlentities-bo(29971)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29971

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.62908
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2006:0731
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2006:0731. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. The Hardened-PHP Project discovered an overflow in the PHP htmlentities() and htmlspecialchars() routines. If a PHP script used the vulnerable functions to parse UTF-8 data, a remote attacker sending a carefully crafted request could trigger the overflow and potentially execute arbitrary code as the 'apache' user. (CVE-2006-5465) Users of PHP should upgrade to these updated packages which contain a backported patch to correct this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0731.html http://www.hardened-php.net/advisory_132006.138.html http://www.redhat.com/security/updates/classification/#important Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-5465 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html BugTraq ID: 20879 http://www.securityfocus.com/bid/20879 Bugtraq: 20061102 Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/450431/100/0/threaded Bugtraq: 20061109 rPSA-2006-0205-1 php php-mysql php-pgsql (Google Search) http://www.securityfocus.com/archive/1/451098/100/0/threaded Bugtraq: 20061129 SYM06-023, Symantec NetBackup PureDisk: PHP update to Address Reported Security Vulnerability (Google Search) http://www.securityfocus.com/archive/1/453024/100/0/threaded Cert/CC Advisory: TA06-333A http://www.us-cert.gov/cas/techalerts/TA06-333A.html Cisco Security Advisory: 20070425 Cisco Applied Intelligence Response: Identifying and Mitigating Exploitation of the PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces http://www.cisco.com/warp/public/707/cisco-air-20070425-http.shtml Cisco Security Advisory: 20070425 PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces http://www.cisco.com/en/US/products/products_security_response09186a008082c4fe.html Debian Security Information: DSA-1206 (Google Search) http://www.debian.org/security/2006/dsa-1206 http://security.gentoo.org/glsa/glsa-200703-21.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:196 http://www.hardened-php.net/advisory_132006.138.html http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.028.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10240 http://www.redhat.com/support/errata/RHSA-2006-0730.html http://www.redhat.com/support/errata/RHSA-2006-0731.html RedHat Security Advisories: RHSA-2006:0736 http://rhn.redhat.com/errata/RHSA-2006-0736.html http://securitytracker.com/id?1017152 http://securitytracker.com/id?1017296 http://secunia.com/advisories/22653 http://secunia.com/advisories/22685 http://secunia.com/advisories/22688 http://secunia.com/advisories/22693 http://secunia.com/advisories/22713 http://secunia.com/advisories/22753 http://secunia.com/advisories/22759 http://secunia.com/advisories/22779 http://secunia.com/advisories/22881 http://secunia.com/advisories/22929 http://secunia.com/advisories/23139 http://secunia.com/advisories/23155 http://secunia.com/advisories/23247 http://secunia.com/advisories/24606 http://secunia.com/advisories/25047 SGI Security Advisory: 20061101-01-P ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P SuSE Security Announcement: SUSE-SA:2006:067 (Google Search) http://www.novell.com/linux/security/advisories/2006_67_php.html http://www.trustix.org/errata/2006/0061/ TurboLinux Advisory: TLSA-2006-38 http://www.turbolinux.com/security/2006/TLSA-2006-38.txt http://www.ubuntu.com/usn/usn-375-1 http://www.vupen.com/english/advisories/2006/4317 http://www.vupen.com/english/advisories/2006/4749 http://www.vupen.com/english/advisories/2006/4750 http://www.vupen.com/english/advisories/2007/1546 XForce ISS Database: php-htmlentities-bo(29971) https://exchange.xforce.ibmcloud.com/vulnerabilities/29971
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com