Test ID: 1.3.6.1.4.1.25623.1.0.68808
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-1042-1 (php5)
Summary: Ubuntu USN-1042-1 (php5)
Description: The remote host is missing an update to php5
announced via advisory USN-1042-1.

Details follow:

It was discovered that an integer overflow in the XML UTF-8 decoding
code could allow an attacker to bypass cross-site scripting (XSS)
protections. This issue only affected Ubuntu 6.06 LTS, Ubuntu 8.04 LTS,
and Ubuntu 9.10. (CVE-2009-5016)

It was discovered that the XML UTF-8 decoding code did not properly
handle non-shortest form UTF-8 encoding and ill-formed subsequences
in UTF-8 data, which could allow an attacker to bypass cross-site
scripting (XSS) protections. (CVE-2010-3870)

It was discovered that attackers might be able to bypass open_basedir()
restrictions by passing a specially crafted filename. (CVE-2010-3436)

Maksymilian Arciemowicz discovered that a NULL pointer dereference in the
ZIP archive handling code could allow an attacker to cause a denial
of service through a specially crafted ZIP archive. This issue only
affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu
10.10. (CVE-2010-3709)

It was discovered that a stack consumption vulnerability in the
filter_var() PHP function, when in FILTER_VALIDATE_EMAIL mode, could
allow a remote attacker to cause a denial of service. This issue
only affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and
Ubuntu 10.10. (CVE-2010-3710)

It was discovered that the mb_strcut function in the Libmbfl
library within PHP could allow an attacker to read arbitrary memory
within the application process. This issue only affected Ubuntu
10.10. (CVE-2010-4156)

Maksymilian Arciemowicz discovered that an integer overflow in the
NumberFormatter::getSymbol function could allow an attacker to cause
a denial of service. This issue only affected Ubuntu 10.04 LTS and
Ubuntu 10.10. (CVE-2010-4409)

Rick Regan discovered that when handling PHP textual representations
of the largest subnormal double-precision floating-point number,
the zend_strtod function could go into an infinite loop on 32-bit
x86 processors, allowing an attacker to cause a denial of service.
(CVE-2010-4645)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libapache2-mod-php5 5.1.2-1ubuntu3.20
php5-cgi 5.1.2-1ubuntu3.20
php5-cli 5.1.2-1ubuntu3.20

Ubuntu 8.04 LTS:
libapache2-mod-php5 5.2.4-2ubuntu5.13
php5-cgi 5.2.4-2ubuntu5.13
php5-cli 5.2.4-2ubuntu5.13

Ubuntu 9.10:
libapache2-mod-php5 5.2.10.dfsg.1-2ubuntu6.6
php5-cgi 5.2.10.dfsg.1-2ubuntu6.6
php5-cli 5.2.10.dfsg.1-2ubuntu6.6

Ubuntu 10.04 LTS:
libapache2-mod-php5 5.3.2-1ubuntu4.6
php5-cgi 5.3.2-1ubuntu4.6
php5-cli 5.3.2-1ubuntu4.6

Ubuntu 10.10:
libapache2-mod-php5 5.3.3-1ubuntu9.2
php5-cgi 5.3.3-1ubuntu9.2
php5-cli 5.3.3-1ubuntu9.2

In general, a standard system update will make all the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-1042-1

Risk factor : High
Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2009-5016
http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html
http://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html
http://www.redhat.com/support/errata/RHSA-2010-0919.html
http://www.redhat.com/support/errata/RHSA-2011-0195.html
http://www.ubuntu.com/usn/USN-1042-1
BugTraq ID: 44889
http://www.securityfocus.com/bid/44889
http://secunia.com/advisories/42410
http://secunia.com/advisories/42812
http://www.vupen.com/english/advisories/2010/3081
http://www.vupen.com/english/advisories/2011/0020
http://www.vupen.com/english/advisories/2011/0021
http://www.vupen.com/english/advisories/2011/0077
Common Vulnerability Exposure (CVE) ID: CVE-2010-3436
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:218
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619
BugTraq ID: 44723
http://www.securityfocus.com/bid/44723
http://secunia.com/advisories/42729
http://www.vupen.com/english/advisories/2010/3313
Common Vulnerability Exposure (CVE) ID: CVE-2010-3709
http://securityreason.com/achievement_securityalert/90
http://www.exploit-db.com/exploits/15431
HP Security Advisory: HPSBMA02662
http://marc.info/?l=bugtraq&m=130331363227777&w=2
HP Security Advisory: SSRT100409
BugTraq ID: 44718
http://www.securityfocus.com/bid/44718
http://www.securitytracker.com/id?1024690
Common Vulnerability Exposure (CVE) ID: CVE-2010-3710
http://www.redhat.com/support/errata/RHSA-2011-0196.html
SuSE Security Announcement: SUSE-SR:2010:023
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
BugTraq ID: 43926
http://www.securityfocus.com/bid/43926
http://secunia.com/advisories/43189
Common Vulnerability Exposure (CVE) ID: CVE-2010-3870
http://www.openwall.com/lists/oss-security/2010/11/02/2
http://www.openwall.com/lists/oss-security/2010/11/02/4
http://www.openwall.com/lists/oss-security/2010/11/02/6
http://www.openwall.com/lists/oss-security/2010/11/02/8
http://www.openwall.com/lists/oss-security/2010/11/02/11
http://www.openwall.com/lists/oss-security/2010/11/02/1
http://www.openwall.com/lists/oss-security/2010/11/03/1
http://bugs.php.net/bug.php?id=48230
http://us2.php.net/manual/en/function.utf8-decode.php#83935
http://www.acunetix.com/blog/web-security-articles/security-risks-associated-with-utf8_decode/
http://www.mandriva.com/en/security/advisories?name=MDVSA-2010:224
BugTraq ID: 44605
http://www.securityfocus.com/bid/44605
http://www.securitytracker.com/id?1024797
Common Vulnerability Exposure (CVE) ID: CVE-2010-4156
http://www.openwall.com/lists/oss-security/2010/11/07/2
http://www.openwall.com/lists/oss-security/2010/11/08/13
http://pastie.org/1279428
http://pastie.org/1279682
http://www.mandriva.com/security/advisories?name=MDVSA-2010:225
BugTraq ID: 44727
http://www.securityfocus.com/bid/44727
http://secunia.com/advisories/42135
Common Vulnerability Exposure (CVE) ID: CVE-2010-4409
Bugtraq: 20101210 PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow
http://www.securityfocus.com/archive/1/archive/1/515142/100/0/threaded
http://www.exploit-db.com/exploits/15722
http://www.mandriva.com/security/advisories?name=MDVSA-2010:255
http://www.mandriva.com/security/advisories?name=MDVSA-2010:254
SuSE Security Announcement: openSUSE-SU-2012:0100
http://lists.opensuse.org/opensuse-updates/2012-01/msg00035.html
CERT/CC vulnerability note: VU#479900
http://www.kb.cert.org/vuls/id/479900
BugTraq ID: 45119
http://www.securityfocus.com/bid/45119
http://secunia.com/advisories/47674
Common Vulnerability Exposure (CVE) ID: CVE-2010-4645
http://www.openwall.com/lists/oss-security/2011/01/05/8
http://www.openwall.com/lists/oss-security/2011/01/05/2
http://www.openwall.com/lists/oss-security/2011/01/06/5
http://hal.archives-ouvertes.fr/docs/00/28/14/29/PDF/floating-point-article.pdf
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/Zend/zend_strtod.c?r1=266327&r2=307095&pathrev=307095
http://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053355.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053333.html
HP Security Advisory: HPSBMU02752
http://marc.info/?l=bugtraq&m=133226187115472&w=2
HP Security Advisory: SSRT100802
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.484686
BugTraq ID: 45668
http://www.securityfocus.com/bid/45668
http://secunia.com/advisories/42843
http://secunia.com/advisories/43051
http://www.vupen.com/english/advisories/2011/0060
http://www.vupen.com/english/advisories/2011/0066
http://www.vupen.com/english/advisories/2011/0198
XForce ISS Database: php-zendstrtod-dos(64470)
http://xforce.iss.net/xforce/xfdb/64470
Copyright: Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com
