ID de Prueba:	1.3.6.1.4.1.25623.1.0.57448
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2006:0708
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2006:0708. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. An integer overflow was discovered in the PHP memory handling routines. If a script can cause memory allocation based on untrusted user data, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user. (CVE-2006-4812) This issue did not affect the PHP packages distributed with Red Hat Enterprise Linux 3 or 4. Users of PHP should upgrade to these updated packages which contain a backported patch that corrects this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0708.html http://www.redhat.com/security/updates/classification/#important Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-4812 BugTraq ID: 20349 http://www.securityfocus.com/bid/20349 Bugtraq: 20061009 Advisory 09/2006: PHP unserialize() Array Creation Integer Overflow (Google Search) http://www.securityfocus.com/archive/1/448014/100/0/threaded http://www.gentoo.org/security/en/glsa/glsa-200610-14.xml http://www.hardened-php.net/advisory_092006.133.html http://www.securityfocus.com/archive/1/448953/100/0/threaded RedHat Security Advisories: RHSA-2006:0688 http://rhn.redhat.com/errata/RHSA-2006-0688.html RedHat Security Advisories: RHSA-2006:0708 http://rhn.redhat.com/errata/RHSA-2006-0708.html http://securitytracker.com/id?1016984 http://secunia.com/advisories/22280 http://secunia.com/advisories/22281 http://secunia.com/advisories/22300 http://secunia.com/advisories/22331 http://secunia.com/advisories/22338 http://secunia.com/advisories/22533 http://secunia.com/advisories/22538 http://secunia.com/advisories/22650 http://securityreason.com/securityalert/1691 SuSE Security Announcement: SUSE-SA:2006:059 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-Oct/0002.html http://www.trustix.org/errata/2006/0055 http://www.ubuntu.com/usn/usn-362-1 http://www.vupen.com/english/advisories/2006/3922 XForce ISS Database: php-ecalloc-integer-overflow(29362) https://exchange.xforce.ibmcloud.com/vulnerabilities/29362
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.