CentOS Local Security Checks : CentOS Update for php CESA-2012:0093 centos6

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.881075

Categoría: CentOS Local Security Checks

Título: CentOS Update for php CESA-2012:0093 centos6

Resumen: The remote host is missing an update for the 'php'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'php'
package(s) announced via the referenced advisory.

Vulnerability Insight:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

It was discovered that the fix for CVE-2011-4885 (released via
RHSA-2012:0071, RHSA-2012:0033, and RHSA-2012:0019 for php packages in Red
Hat Enterprise Linux 4, 5, and 6 respectively) introduced an uninitialized
memory use flaw. A remote attacker could send a specially-crafted HTTP
request to cause the PHP interpreter to crash or, possibly, execute
arbitrary code. (CVE-2012-0830)

All php users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

Affected Software/OS:
php on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-0830
1026631
http://securitytracker.com/id?1026631
47801
http://secunia.com/advisories/47801
47806
http://secunia.com/advisories/47806
47813
http://secunia.com/advisories/47813
48668
http://secunia.com/advisories/48668
51830
http://www.securityfocus.com/bid/51830
78819
http://www.osvdb.org/78819
APPLE-SA-2012-05-09-1
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
DSA-2403
http://www.debian.org/security/2012/dsa-2403
HPSBMU02786
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
HPSBUX02791
http://marc.info/?l=bugtraq&m=134012830914727&w=2
RHSA-2012:0092
http://rhn.redhat.com/errata/RHSA-2012-0092.html
SSRT100856
SSRT100877
SUSE-SU-2012:0411
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html
[oss-security] 20120202 PHP remote code execution introduced via HashDoS fix
http://openwall.com/lists/oss-security/2012/02/02/12
[oss-security] 20120203 Re: PHP remote code execution introduced via HashDoS fix
http://openwall.com/lists/oss-security/2012/02/03/1
http://support.apple.com/kb/HT5281
http://svn.php.net/viewvc?view=revision&revision=323007
http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html
http://www.php.net/ChangeLog-5.php#5.3.10
https://gist.github.com/1725489
openSUSE-SU-2012:0426
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
php-phpregistervariableex-code-exec(72911)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72911
Common Vulnerability Exposure (CVE) ID: CVE-2011-4885
BugTraq ID: 51193
http://www.securityfocus.com/bid/51193
Bugtraq: 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
CERT/CC vulnerability note: VU#903934
http://www.kb.cert.org/vuls/id/903934
Debian Security Information: DSA-2399 (Google Search)
http://www.debian.org/security/2012/dsa-2399
http://www.exploit-db.com/exploits/18296
http://www.exploit-db.com/exploits/18305
HPdes Security Advisory: HPSBMU02786
HPdes Security Advisory: HPSBOV02763
http://marc.info/?l=bugtraq&m=133469208622507&w=2
HPdes Security Advisory: HPSBUX02741
http://marc.info/?l=bugtraq&m=132871655717248&w=2
HPdes Security Advisory: SSRT100728
HPdes Security Advisory: SSRT100826
HPdes Security Advisory: SSRT100877
http://www.mandriva.com/security/advisories?name=MDVSA-2011:197
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
http://www.redhat.com/support/errata/RHSA-2012-0019.html
RedHat Security Advisories: RHSA-2012:0071
http://rhn.redhat.com/errata/RHSA-2012-0071.html
http://www.securitytracker.com/id?1026473
http://secunia.com/advisories/47404
SuSE Security Announcement: SUSE-SU-2012:0411 (Google Search)
SuSE Security Announcement: openSUSE-SU-2012:0426 (Google Search)
XForce ISS Database: php-hash-dos(72021)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72021

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.881075
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for php CESA-2012:0093 centos6
Resumen:	The remote host is missing an update for the 'php'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'php' package(s) announced via the referenced advisory. Vulnerability Insight: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 (released via RHSA-2012:0071, RHSA-2012:0033, and RHSA-2012:0019 for php packages in Red Hat Enterprise Linux 4, 5, and 6 respectively) introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830) All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. Affected Software/OS: php on CentOS 6 Solution: Please install the updated packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0830 1026631 http://securitytracker.com/id?1026631 47801 http://secunia.com/advisories/47801 47806 http://secunia.com/advisories/47806 47813 http://secunia.com/advisories/47813 48668 http://secunia.com/advisories/48668 51830 http://www.securityfocus.com/bid/51830 78819 http://www.osvdb.org/78819 APPLE-SA-2012-05-09-1 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html DSA-2403 http://www.debian.org/security/2012/dsa-2403 HPSBMU02786 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 HPSBUX02791 http://marc.info/?l=bugtraq&m=134012830914727&w=2 RHSA-2012:0092 http://rhn.redhat.com/errata/RHSA-2012-0092.html SSRT100856 SSRT100877 SUSE-SU-2012:0411 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html [oss-security] 20120202 PHP remote code execution introduced via HashDoS fix http://openwall.com/lists/oss-security/2012/02/02/12 [oss-security] 20120203 Re: PHP remote code execution introduced via HashDoS fix http://openwall.com/lists/oss-security/2012/02/03/1 http://support.apple.com/kb/HT5281 http://svn.php.net/viewvc?view=revision&revision=323007 http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/ http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html http://www.php.net/ChangeLog-5.php#5.3.10 https://gist.github.com/1725489 openSUSE-SU-2012:0426 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html php-phpregistervariableex-code-exec(72911) https://exchange.xforce.ibmcloud.com/vulnerabilities/72911 Common Vulnerability Exposure (CVE) ID: CVE-2011-4885 BugTraq ID: 51193 http://www.securityfocus.com/bid/51193 Bugtraq: 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table (Google Search) http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html CERT/CC vulnerability note: VU#903934 http://www.kb.cert.org/vuls/id/903934 Debian Security Information: DSA-2399 (Google Search) http://www.debian.org/security/2012/dsa-2399 http://www.exploit-db.com/exploits/18296 http://www.exploit-db.com/exploits/18305 HPdes Security Advisory: HPSBMU02786 HPdes Security Advisory: HPSBOV02763 http://marc.info/?l=bugtraq&m=133469208622507&w=2 HPdes Security Advisory: HPSBUX02741 http://marc.info/?l=bugtraq&m=132871655717248&w=2 HPdes Security Advisory: SSRT100728 HPdes Security Advisory: SSRT100826 HPdes Security Advisory: SSRT100877 http://www.mandriva.com/security/advisories?name=MDVSA-2011:197 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.nruns.com/_downloads/advisory28122011.pdf http://www.ocert.org/advisories/ocert-2011-003.html https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py http://www.redhat.com/support/errata/RHSA-2012-0019.html RedHat Security Advisories: RHSA-2012:0071 http://rhn.redhat.com/errata/RHSA-2012-0071.html http://www.securitytracker.com/id?1026473 http://secunia.com/advisories/47404 SuSE Security Announcement: SUSE-SU-2012:0411 (Google Search) SuSE Security Announcement: openSUSE-SU-2012:0426 (Google Search) XForce ISS Database: php-hash-dos(72021) https://exchange.xforce.ibmcloud.com/vulnerabilities/72021
Copyright	Copyright (C) 2012 Greenbone AG