ID de Prueba:	1.3.6.1.4.1.25623.1.0.902436
Categoría:	Buffer overflow
Título:	PHP 'socket_connect()' Buffer Overflow Vulnerability - Windows
Resumen:	PHP is prone to a stack buffer overflow vulnerability.
Descripción:	Summary: PHP is prone to a stack buffer overflow vulnerability. Vulnerability Insight: The flaw is due to an error in the 'socket_connect()' function within socket module. It uses memcpy to copy path from addr to s_un without checking addr length in case when AF_UNIX socket is used. Vulnerability Impact: Successful exploitation could allow remote attackers to execute arbitrary code or to cause denial of service condition. Affected Software/OS: PHP Version 5.3.5 and prior on Windows. Solution: Update to version 5.3.7 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1938 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html BugTraq ID: 49241 http://www.securityfocus.com/bid/49241 Debian Security Information: DSA-2399 (Google Search) http://www.debian.org/security/2012/dsa-2399 http://www.exploit-db.com/exploits/17318/ HPdes Security Advisory: HPSBOV02763 http://marc.info/?l=bugtraq&m=133469208622507&w=2 HPdes Security Advisory: SSRT100826 http://www.mandriva.com/security/advisories?name=MDVSA-2011:165 http://openwall.com/lists/oss-security/2011/05/24/1 http://openwall.com/lists/oss-security/2011/05/24/9 http://osvdb.org/72644 http://www.redhat.com/support/errata/RHSA-2011-1423.html http://securityreason.com/securityalert/8262 http://securityreason.com/securityalert/8294 XForce ISS Database: php-socketconnect-bo(67606) https://exchange.xforce.ibmcloud.com/vulnerabilities/67606
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.