
Test ID: 1.3.6.1.4.1.25623.1.0.63254
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDVSA-2009:023 (php)
Summary: The remote host is missing an update to php announced via advisory MDVSA-2009:023.

Description:

Summary:
The remote host is missing an update to php
announced via advisory MDVSA-2009:023.

Vulnerability Insight:
A vulnerability in PHP allowed context-dependent attackers to cause
a denial of service (crash) via a certain long string in the glob()
or fnmatch() functions (CVE-2007-4782).

A vulnerability in the cURL library in PHP allowed context-dependent
attackers to bypass safe_mode and open_basedir restrictions and read
arbitrary files using a special URL request (CVE-2007-4850).

An integer overflow in PHP allowed context-dependent attackers to
cause a denial of service via a special printf() format parameter
(CVE-2008-1384).

A stack-based buffer overflow in the FastCGI SAPI in PHP has unknown
impact and attack vectors (CVE-2008-2050).

Tavis Ormandy of the Google Security Team discovered a heap-based
buffer overflow when compiling certain regular expression patterns.
This could be used by a malicious attacker by sending a specially
crafted regular expression to an application using the PCRE library,
resulting in the possible execution of arbitrary code or a denial of
service (CVE-2008-2371). PHP in Corporate Server 4.0 is affected by
this issue.

A buffer overflow in the imageloadfont() function in PHP allowed
context-dependent attackers to cause a denial of service (crash)
and potentially execute arbitrary code via a crafted font file
(CVE-2008-3658).

A buffer overflow in the memnstr() function allowed context-dependent
attackers to cause a denial of service (crash) and potentially execute
arbitrary code via the delimiter argument to the explode() function
(CVE-2008-3659).

PHP, when used as a FastCGI module, allowed remote attackers to cause
a denial of service (crash) via a request with multiple dots preceding
the extension (CVE-2008-3660).

An array index error in the imageRotate() function in PHP allowed
context-dependent attackers to read the contents of arbitrary memory
locations via a crafted value of the third argument to the function
for an indexed image (CVE-2008-5498).

The updated packages have been patched to correct these issues.

Affected: Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2007-4782
Bugtraq: 20070904 PHP < 5.2.3 fnmatch() denial of service (Google Search)
http://www.securityfocus.com/archive/1/478630/100/0/threaded
Bugtraq: 20070905 PHP < 5.2.3 glob() denial of service (Google Search)
http://www.securityfocus.com/archive/1/478626/100/0/threaded
http://www.securityfocus.com/archive/1/478726/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:022
http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
http://osvdb.org/38686
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10897
http://www.redhat.com/support/errata/RHSA-2008-0505.html
http://www.redhat.com/support/errata/RHSA-2008-0544.html
http://www.redhat.com/support/errata/RHSA-2008-0545.html
http://www.redhat.com/support/errata/RHSA-2008-0582.html
http://secunia.com/advisories/27102
http://secunia.com/advisories/28658
http://secunia.com/advisories/30828
http://secunia.com/advisories/31119
http://secunia.com/advisories/31200
http://securityreason.com/securityalert/3109
SuSE Security Announcement: SUSE-SA:2008:004 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
http://www.ubuntu.com/usn/usn-628-1
XForce ISS Database: php-fnmatch-dos(36457)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36457
XForce ISS Database: php-globfunction-dos(36461)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36461
Common Vulnerability Exposure (CVE) ID: CVE-2007-4850
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
BugTraq ID: 27413
http://www.securityfocus.com/bid/27413
BugTraq ID: 29009
http://www.securityfocus.com/bid/29009
BugTraq ID: 31681
http://www.securityfocus.com/bid/31681
Bugtraq: 20080122 PHP 5.2.5 cURL safe_mode bypass (Google Search)
http://www.securityfocus.com/archive/1/486856/100/0/threaded
Bugtraq: 20080527 rPSA-2008-0178-1 php php-mysql php-pgsql (Google Search)
http://www.securityfocus.com/archive/1/492671/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059849.html
http://www.openwall.com/lists/oss-security/2008/05/02/2
http://secunia.com/advisories/30048
http://secunia.com/advisories/30411
http://secunia.com/advisories/31326
http://secunia.com/advisories/32222
http://securityreason.com/securityalert/3562
http://securityreason.com/achievement_securityalert/51
http://www.vupen.com/english/advisories/2008/1412
http://www.vupen.com/english/advisories/2008/2268
http://www.vupen.com/english/advisories/2008/2780
XForce ISS Database: php-curlinit-security-bypass(39852)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39852
XForce ISS Database: php-safemode-directive-security-bypass(42134)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42134
Common Vulnerability Exposure (CVE) ID: CVE-2008-1384
BugTraq ID: 28392
http://www.securityfocus.com/bid/28392
Bugtraq: 20080321 {securityreason.com}PHP 5 *printf() - Integer Overflow (Google Search)
http://www.securityfocus.com/archive/1/489962/100/0/threaded
Bugtraq: 20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search)
http://www.securityfocus.com/archive/1/492535/100/0/threaded
Debian Security Information: DSA-1572 (Google Search)
http://www.debian.org/security/2008/dsa-1572
http://security.gentoo.org/glsa/glsa-200811-05.xml
http://secunia.com/advisories/30158
http://secunia.com/advisories/30345
http://secunia.com/advisories/30967
http://secunia.com/advisories/32746
http://securityreason.com/achievement_securityalert/52
SuSE Security Announcement: SUSE-SR:2008:014 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
XForce ISS Database: php-phpsprintfappendstring-overflow(41386)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41386
Common Vulnerability Exposure (CVE) ID: CVE-2008-2050
20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl
29009
30048
30083
http://secunia.com/advisories/30083
30158
30345
30967
31200
31326
32746
ADV-2008-1412
ADV-2008-2268
APPLE-SA-2008-07-31
DSA-1572
GLSA-200811-05
MDVSA-2009:022
MDVSA-2009:023
SSA:2008-128-01
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.488951
SUSE-SR:2008:014
USN-628-1
[oss-security] 20080502 CVE Request (PHP)
http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44&r2=1.45&diff_format=u
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176
http://www.php.net/ChangeLog-5.php
https://issues.rpath.com/browse/RPL-2503
php-fastcgisapi-bo(42133)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42133
Common Vulnerability Exposure (CVE) ID: CVE-2008-2371
20081027 rPSA-2008-0305-1 pcre
http://www.securityfocus.com/archive/1/497828/100/0/threaded
30087
http://www.securityfocus.com/bid/30087
30916
http://secunia.com/advisories/30916
30944
http://secunia.com/advisories/30944
30945
http://secunia.com/advisories/30945
30958
http://secunia.com/advisories/30958
30961
http://secunia.com/advisories/30961
30972
http://secunia.com/advisories/30972
30990
http://secunia.com/advisories/30990
31681
32222
32454
http://secunia.com/advisories/32454
35074
http://secunia.com/advisories/35074
35650
http://secunia.com/advisories/35650
39300
http://secunia.com/advisories/39300
ADV-2008-2005
http://www.vupen.com/english/advisories/2008/2005
ADV-2008-2006
http://www.vupen.com/english/advisories/2008/2006
ADV-2008-2336
http://www.vupen.com/english/advisories/2008/2336
ADV-2008-2780
ADV-2009-1297
http://www.vupen.com/english/advisories/2009/1297
ADV-2010-0833
http://www.vupen.com/english/advisories/2010/0833
APPLE-SA-2008-10-09
APPLE-SA-2009-05-12
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
DSA-1602
http://www.debian.org/security/2008/dsa-1602
FEDORA-2008-6025
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00105.html
FEDORA-2008-6048
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00123.html
GLSA-200807-03
http://www.gentoo.org/security/en/glsa/glsa-200807-03.xml
HPSBUX02431
http://marc.info/?l=bugtraq&m=124654546101607&w=2
HPSBUX02465
http://marc.info/?l=bugtraq&m=125631037611762&w=2
MDVSA-2008:147
http://www.mandriva.com/security/advisories?name=MDVSA-2008:147
SSRT090085
SSRT090192
TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
USN-624-1
http://www.ubuntu.com/usn/usn-624-1
USN-624-2
http://ubuntu.com/usn/usn-624-2
http://bugs.gentoo.org/show_bug.cgi?id=228091
http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes
http://support.apple.com/kb/HT3216
http://support.apple.com/kb/HT3549
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0305
Common Vulnerability Exposure (CVE) ID: CVE-2008-3658
BugTraq ID: 30649
http://www.securityfocus.com/bid/30649
Bugtraq: 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search)
http://www.securityfocus.com/archive/1/501376/100/0/threaded
Cert/CC Advisory: TA09-133A
Debian Security Information: DSA-1647 (Google Search)
http://www.debian.org/security/2008/dsa-1647
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
HPdes Security Advisory: HPSBTU02382
http://www.securityfocus.com/archive/1/498647/100/0/threaded
HPdes Security Advisory: HPSBUX02401
http://marc.info/?l=bugtraq&m=123376588623823&w=2
HPdes Security Advisory: HPSBUX02465
HPdes Security Advisory: SSRT080132
HPdes Security Advisory: SSRT090005
HPdes Security Advisory: SSRT090192
http://www.mandriva.com/security/advisories?name=MDVSA-2009:021
http://www.mandriva.com/security/advisories?name=MDVSA-2009:024
http://news.php.net/php.cvs/51219
http://www.openwall.com/lists/oss-security/2008/08/08/2
http://www.openwall.com/lists/oss-security/2008/08/13/8
http://osvdb.org/47484
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9724
http://www.redhat.com/support/errata/RHSA-2009-0350.html
http://secunia.com/advisories/31982
http://secunia.com/advisories/32148
http://secunia.com/advisories/32316
http://secunia.com/advisories/32884
http://secunia.com/advisories/33797
http://secunia.com/advisories/35306
SuSE Security Announcement: SUSE-SR:2008:018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
SuSE Security Announcement: SUSE-SR:2008:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
http://www.vupen.com/english/advisories/2008/3275
http://www.vupen.com/english/advisories/2009/0320
XForce ISS Database: php-imageloadfont-dos(44401)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44401
Common Vulnerability Exposure (CVE) ID: CVE-2008-3659
HPdes Security Advisory: HPSBUX02431
HPdes Security Advisory: SSRT090085
http://www.openwall.com/lists/oss-security/2008/08/08/3
http://www.openwall.com/lists/oss-security/2008/08/08/4
http://osvdb.org/47483
http://www.securitytracker.com/id?1020995
XForce ISS Database: php-memnstr-bo(44405)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44405
Common Vulnerability Exposure (CVE) ID: CVE-2008-3660
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9597
http://www.securitytracker.com/id?1020994
XForce ISS Database: php-curl-unspecified(44402)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44402
Common Vulnerability Exposure (CVE) ID: CVE-2008-5498
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
BugTraq ID: 33002
http://www.securityfocus.com/bid/33002
http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php
http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php
http://osvdb.org/51031
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9667
http://securitytracker.com/id?1021494
http://secunia.com/advisories/34642
http://secunia.com/advisories/36701
SuSE Security Announcement: SUSE-SR:2009:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
XForce ISS Database: php-imagerotate-info-disclosure(47635)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47635
Copyright: Copyright (C) 2009 E-Soft Inc.
