Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0151)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2014.0151

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2014-0151)

Resumen: The remote host is missing an update for the 'php-ZendFramework' package(s) announced via the MGASA-2014-0151 advisory.

Descripción: Summary:
The remote host is missing an update for the 'php-ZendFramework' package(s) announced via the MGASA-2014-0151 advisory.

Vulnerability Insight:
Updated php-ZendFramework packages fix security vulnerabilities:

XML eXternal Entity (XXE) and XML Entity Expansion (XEE) flaws were
discovered in the Zend Framework. An attacker could use these flaws to cause
a denial of service, access files accessible to the server process, or
possibly perform other more advanced XML External Entity (XXE) attacks
(CVE-2014-2681, CVE-2014-2682, CVE-2014-2683).

Using the Consumer component of Zend_OpenId, it is possible to login using an
arbitrary OpenID account (without knowing any secret information) by using a
malicious OpenID Provider. That means OpenID it is possible to login using
arbitrary OpenID Identity (MyOpenID, Google, etc), which are not under the
control of our own OpenID Provider. Thus, we are able to impersonate any
OpenID Identity against the framework (CVE-2014-2684, CVE-2014-2685).

Affected Software/OS:
'php-ZendFramework' package(s) on Mageia 3, Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-2681
BugTraq ID: 66358
http://www.securityfocus.com/bid/66358
Debian Security Information: DSA-3265 (Google Search)
http://www.debian.org/security/2015/dsa-3265
http://www.mandriva.com/security/advisories?name=MDVSA-2014:072
http://seclists.org/oss-sec/2014/q2/0
Common Vulnerability Exposure (CVE) ID: CVE-2014-2682
Common Vulnerability Exposure (CVE) ID: CVE-2014-2683
Common Vulnerability Exposure (CVE) ID: CVE-2014-2684
Common Vulnerability Exposure (CVE) ID: CVE-2014-2685

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0151
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0151)
Resumen:	The remote host is missing an update for the 'php-ZendFramework' package(s) announced via the MGASA-2014-0151 advisory.
Descripción:	Summary: The remote host is missing an update for the 'php-ZendFramework' package(s) announced via the MGASA-2014-0151 advisory. Vulnerability Insight: Updated php-ZendFramework packages fix security vulnerabilities: XML eXternal Entity (XXE) and XML Entity Expansion (XEE) flaws were discovered in the Zend Framework. An attacker could use these flaws to cause a denial of service, access files accessible to the server process, or possibly perform other more advanced XML External Entity (XXE) attacks (CVE-2014-2681, CVE-2014-2682, CVE-2014-2683). Using the Consumer component of Zend_OpenId, it is possible to login using an arbitrary OpenID account (without knowing any secret information) by using a malicious OpenID Provider. That means OpenID it is possible to login using arbitrary OpenID Identity (MyOpenID, Google, etc), which are not under the control of our own OpenID Provider. Thus, we are able to impersonate any OpenID Identity against the framework (CVE-2014-2684, CVE-2014-2685). Affected Software/OS: 'php-ZendFramework' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-2681 BugTraq ID: 66358 http://www.securityfocus.com/bid/66358 Debian Security Information: DSA-3265 (Google Search) http://www.debian.org/security/2015/dsa-3265 http://www.mandriva.com/security/advisories?name=MDVSA-2014:072 http://seclists.org/oss-sec/2014/q2/0 Common Vulnerability Exposure (CVE) ID: CVE-2014-2682 Common Vulnerability Exposure (CVE) ID: CVE-2014-2683 Common Vulnerability Exposure (CVE) ID: CVE-2014-2684 Common Vulnerability Exposure (CVE) ID: CVE-2014-2685
Copyright	Copyright (C) 2022 Greenbone AG