ID de Prueba:	1.3.6.1.4.1.25623.1.0.803342
Categoría:	Buffer overflow
Título:	PHP 'phar/tar.c' Heap Buffer Overflow Vulnerability - Windows
Resumen:	PHP is prone to a heap buffer overflow vulnerability.
Descripción:	Summary: PHP is prone to a heap buffer overflow vulnerability. Vulnerability Insight: Flaw related to overflow in phar_parse_tarfile()function in ext/phar/tar.c in the phar extension. Vulnerability Impact: Successful exploitation could allow attackers to execute arbitrary code or cause a denial-of-service condition via specially crafted TAR file. Affected Software/OS: PHP version before 5.3.14 and 5.4.x before 5.4.4 Solution: Update to PHP 5.4.4 or 5.3.14 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2386 APPLE-SA-2012-09-19-2 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html SUSE-SU-2012:0840 http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html [oss-security] 20120522 Re: CVE request: PHP Phar - arbitrary code execution http://openwall.com/lists/oss-security/2012/05/22/10 http://0x1byte.blogspot.com/2011/04/php-phar-extension-heap-overflow.html http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=158d8a6b088662ce9d31e0c777c6ebe90efdc854 http://support.apple.com/kb/HT5501 http://www.php.net/ChangeLog-5.php https://bugs.php.net/bug.php?id=61065 https://bugzilla.redhat.com/show_bug.cgi?id=823594
Copyright	Copyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.