 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.881830 |
| Categoría: | CentOS Local Security Checks |
| Título: | CentOS Update for php CESA-2013:1813 centos6 |
| Resumen: | The remote host is missing an update for the 'php'; package(s) announced via the referenced advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'php' package(s) announced via the referenced advisory. Vulnerability Insight: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420) Red Hat would like to thank the PHP project for reporting this issue. Upstream acknowledges Stefan Esser as the original reporter of this issue. All php53 and php users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. Affected Software/OS: php on CentOS 6 Solution: Please install the updated packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-6420 BugTraq ID: 64225 http://www.securityfocus.com/bid/64225 Debian Security Information: DSA-2816 (Google Search) http://www.debian.org/security/2013/dsa-2816 HPdes Security Advisory: HPSBMU03112 https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322 HPdes Security Advisory: SSRT101447 https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html RedHat Security Advisories: RHSA-2013:1813 http://rhn.redhat.com/errata/RHSA-2013-1813.html RedHat Security Advisories: RHSA-2013:1815 http://rhn.redhat.com/errata/RHSA-2013-1815.html RedHat Security Advisories: RHSA-2013:1824 http://rhn.redhat.com/errata/RHSA-2013-1824.html RedHat Security Advisories: RHSA-2013:1825 http://rhn.redhat.com/errata/RHSA-2013-1825.html RedHat Security Advisories: RHSA-2013:1826 http://rhn.redhat.com/errata/RHSA-2013-1826.html http://www.securitytracker.com/id/1029472 http://secunia.com/advisories/59652 SuSE Security Announcement: openSUSE-SU-2013:1963 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html SuSE Security Announcement: openSUSE-SU-2013:1964 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html http://www.ubuntu.com/usn/USN-2055-1 |
| Copyright | Copyright (C) 2013 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |