Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0468)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2014.0468

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2014-0468)

Resumen: The remote host is missing an update for the 'php-smarty' package(s) announced via the MGASA-2014-0468 advisory.

Descripción: Summary:
The remote host is missing an update for the 'php-smarty' package(s) announced via the MGASA-2014-0468 advisory.

Vulnerability Insight:
Cross-site scripting (XSS) vulnerability in the SmartyException class in
Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject
arbitrary web script or HTML via unspecified vectors that trigger a Smarty
exception (CVE-2012-4437).

Smarty before 3.1.21 allows remote attackers to bypass the secure mode
restrictions and execute arbitrary PHP code as demonstrated by
'{literal}<{/literal}script language=php>' in a template (CVE-2014-8350).

Affected Software/OS:
'php-smarty' package(s) on Mageia 3.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-4437
50589
http://secunia.com/advisories/50589
55506
http://www.securityfocus.com/bid/55506
FEDORA-2012-14578
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088138.html
JVN#63650108
http://jvn.jp/en/jp/JVN63650108/index.html
JVNDB-2012-000094
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000094.html
MDVSA-2014:221
http://www.mandriva.com/security/advisories?name=MDVSA-2014:221
[oss-security] 20120919 CVE Request Smarty / php-Smarty: XSS in Smarty exception messages
http://www.openwall.com/lists/oss-security/2012/09/19/1
[oss-security] 20120919 Re: CVE Request Smarty / php-Smarty: XSS in Smarty exception messages
http://www.openwall.com/lists/oss-security/2012/09/20/3
http://advisories.mageia.org/MGASA-2014-0468.html
http://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt
http://code.google.com/p/smarty-php/source/detail?r=4658
Common Vulnerability Exposure (CVE) ID: CVE-2014-8350
BugTraq ID: 70708
http://www.securityfocus.com/bid/70708
http://seclists.org/oss-sec/2014/q4/420
http://seclists.org/oss-sec/2014/q4/421
XForce ISS Database: smarty-cve20148350-code-exec(97725)
https://exchange.xforce.ibmcloud.com/vulnerabilities/97725

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0468
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0468)
Resumen:	The remote host is missing an update for the 'php-smarty' package(s) announced via the MGASA-2014-0468 advisory.
Descripción:	Summary: The remote host is missing an update for the 'php-smarty' package(s) announced via the MGASA-2014-0468 advisory. Vulnerability Insight: Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception (CVE-2012-4437). Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by '{literal}<{/literal}script language=php>' in a template (CVE-2014-8350). Affected Software/OS: 'php-smarty' package(s) on Mageia 3. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4437 50589 http://secunia.com/advisories/50589 55506 http://www.securityfocus.com/bid/55506 FEDORA-2012-14578 http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088138.html JVN#63650108 http://jvn.jp/en/jp/JVN63650108/index.html JVNDB-2012-000094 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000094.html MDVSA-2014:221 http://www.mandriva.com/security/advisories?name=MDVSA-2014:221 [oss-security] 20120919 CVE Request Smarty / php-Smarty: XSS in Smarty exception messages http://www.openwall.com/lists/oss-security/2012/09/19/1 [oss-security] 20120919 Re: CVE Request Smarty / php-Smarty: XSS in Smarty exception messages http://www.openwall.com/lists/oss-security/2012/09/20/3 http://advisories.mageia.org/MGASA-2014-0468.html http://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt http://code.google.com/p/smarty-php/source/detail?r=4658 Common Vulnerability Exposure (CVE) ID: CVE-2014-8350 BugTraq ID: 70708 http://www.securityfocus.com/bid/70708 http://seclists.org/oss-sec/2014/q4/420 http://seclists.org/oss-sec/2014/q4/421 XForce ISS Database: smarty-cve20148350-code-exec(97725) https://exchange.xforce.ibmcloud.com/vulnerabilities/97725
Copyright	Copyright (C) 2022 Greenbone AG