FreeBSD Local Security Checks : FreeBSD Ports: php5-zip

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.69359

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: php5-zip

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: php5-zip

CVE-2011-0421
The _zip_name_locate function in zip_name_locate.c in the Zip
extension in PHP before 5.3.6 does not properly handle a
ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent
attackers to cause a denial of service (application crash) via an
empty ZIP archive that is processed with a (1) locateName or (2)
statName operation.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-0421
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
BugTraq ID: 46354
http://www.securityfocus.com/bid/46354
Bugtraq: 20110318 libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5) (Google Search)
http://www.securityfocus.com/archive/1/517065/100/0/threaded
Debian Security Information: DSA-2266 (Google Search)
http://www.debian.org/security/2011/dsa-2266
http://www.exploit-db.com/exploits/17004
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html
HPdes Security Advisory: HPSBOV02763
http://marc.info/?l=bugtraq&m=133469208622507&w=2
HPdes Security Advisory: SSRT100826
http://www.mandriva.com/security/advisories?name=MDVSA-2011:052
http://www.mandriva.com/security/advisories?name=MDVSA-2011:053
http://www.mandriva.com/security/advisories?name=MDVSA-2011:099
http://secunia.com/advisories/43621
http://securityreason.com/securityalert/8146
http://securityreason.com/achievement_securityalert/96
SuSE Security Announcement: SUSE-SR:2011:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://www.vupen.com/english/advisories/2011/0744
http://www.vupen.com/english/advisories/2011/0764
http://www.vupen.com/english/advisories/2011/0890
XForce ISS Database: libzip-zipnamelocate-dos(66173)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66173

Copyright Copyright (C) 2011 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.69359
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: php5-zip
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: php5-zip CVE-2011-0421 The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (application crash) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0421 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html BugTraq ID: 46354 http://www.securityfocus.com/bid/46354 Bugtraq: 20110318 libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5) (Google Search) http://www.securityfocus.com/archive/1/517065/100/0/threaded Debian Security Information: DSA-2266 (Google Search) http://www.debian.org/security/2011/dsa-2266 http://www.exploit-db.com/exploits/17004 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html HPdes Security Advisory: HPSBOV02763 http://marc.info/?l=bugtraq&m=133469208622507&w=2 HPdes Security Advisory: SSRT100826 http://www.mandriva.com/security/advisories?name=MDVSA-2011:052 http://www.mandriva.com/security/advisories?name=MDVSA-2011:053 http://www.mandriva.com/security/advisories?name=MDVSA-2011:099 http://secunia.com/advisories/43621 http://securityreason.com/securityalert/8146 http://securityreason.com/achievement_securityalert/96 SuSE Security Announcement: SUSE-SR:2011:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://www.vupen.com/english/advisories/2011/0744 http://www.vupen.com/english/advisories/2011/0764 http://www.vupen.com/english/advisories/2011/0890 XForce ISS Database: libzip-zipnamelocate-dos(66173) https://exchange.xforce.ibmcloud.com/vulnerabilities/66173
Copyright	Copyright (C) 2011 E-Soft Inc.