ID de Prueba:	1.3.6.1.4.1.25623.1.0.62866
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2007:0162
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2007:0162. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A denial of service flaw was found in the way PHP processed a deeply nested array. A remote attacker could cause the PHP interpreter to crash by submitting an input variable with a deeply nested array. (CVE-2007-1285) A flaw was found in the way the mbstring extension set global variables. A script which used the mb_parse_str() function to set global variables could be forced to enable the register_globals configuration option, possibly resulting in global variable injection. (CVE-2007-1583) A flaw was discovered in the way PHP's mail() function processed header data. If a script sent mail using a Subject header containing a string from an untrusted source, a remote attacker could send bulk e-mail to unintended recipients. (CVE-2007-1718) A heap based buffer overflow flaw was discovered in PHP's gd extension. A script that could be forced to process WBMP images from an untrusted source could result in arbitrary code execution. (CVE-2007-1001) A buffer over-read flaw was discovered in PHP's gd extension. A script that could be forced to write arbitrary strings using a JIS font from an untrusted source could cause the PHP interpreter to crash. (CVE-2007-0455) Users of PHP should upgrade to these updated packages which contain backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0162.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : High CVSS Score: 7.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-0455 BugTraq ID: 22289 http://www.securityfocus.com/bid/22289 Bugtraq: 20070418 rPSA-2007-0073-1 php php-mysql php-pgsql (Google Search) http://www.securityfocus.com/archive/1/466166/100/0/threaded http://fedoranews.org/cms/node/2631 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html http://www.mandriva.com/security/advisories?name=MDKSA-2007:035 http://www.mandriva.com/security/advisories?name=MDKSA-2007:036 http://www.mandriva.com/security/advisories?name=MDKSA-2007:038 http://www.mandriva.com/security/advisories?name=MDKSA-2007:109 http://lists.rpath.com/pipermail/security-announce/2007-February/000145.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11303 http://www.redhat.com/support/errata/RHSA-2007-0153.html RedHat Security Advisories: RHSA-2007:0155 http://rhn.redhat.com/errata/RHSA-2007-0155.html http://www.redhat.com/support/errata/RHSA-2007-0162.html http://www.redhat.com/support/errata/RHSA-2008-0146.html http://secunia.com/advisories/23916 http://secunia.com/advisories/24022 http://secunia.com/advisories/24052 http://secunia.com/advisories/24053 http://secunia.com/advisories/24107 http://secunia.com/advisories/24143 http://secunia.com/advisories/24151 http://secunia.com/advisories/24924 http://secunia.com/advisories/24945 http://secunia.com/advisories/24965 http://secunia.com/advisories/25575 http://secunia.com/advisories/29157 http://secunia.com/advisories/42813 http://www.trustix.org/errata/2007/0007 http://www.ubuntu.com/usn/usn-473-1 http://www.vupen.com/english/advisories/2007/0400 http://www.vupen.com/english/advisories/2011/0022 Common Vulnerability Exposure (CVE) ID: CVE-2007-1001 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html BugTraq ID: 23357 http://www.securityfocus.com/bid/23357 BugTraq ID: 25159 http://www.securityfocus.com/bid/25159 Bugtraq: 20070407 PHP <= 5.2.1 wbmp file handling integer overflow (Google Search) http://www.securityfocus.com/archive/1/464957/100/0/threaded http://security.gentoo.org/glsa/glsa-200705-19.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:087 http://www.mandriva.com/security/advisories?name=MDKSA-2007:088 http://www.mandriva.com/security/advisories?name=MDKSA-2007:089 http://www.mandriva.com/security/advisories?name=MDKSA-2007:090 http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?r1=1.2.4.1&r2=1.2.4.1.8.1 http://ifsec.blogspot.com/2007/04/php-521-wbmp-file-handling-integer.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10179 http://secunia.com/advisories/24814 http://secunia.com/advisories/24909 http://secunia.com/advisories/25056 http://secunia.com/advisories/25151 http://secunia.com/advisories/25445 http://secunia.com/advisories/26235 http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.470053 SuSE Security Announcement: SUSE-SA:2007:032 (Google Search) http://www.novell.com/linux/security/advisories/2007_32_php.html http://www.vupen.com/english/advisories/2007/1269 http://www.vupen.com/english/advisories/2007/2732 XForce ISS Database: php-gd-overflow(33453) https://exchange.xforce.ibmcloud.com/vulnerabilities/33453 Common Vulnerability Exposure (CVE) ID: CVE-2007-1285 BugTraq ID: 22764 http://www.securityfocus.com/bid/22764 http://www.php-security.org/MOPB/MOPB-03-2007.html http://www.osvdb.org/32769 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11017 http://www.redhat.com/support/errata/RHSA-2007-0082.html RedHat Security Advisories: RHSA-2007:0154 http://rhn.redhat.com/errata/RHSA-2007-0154.html RedHat Security Advisories: RHSA-2007:0163 http://rhn.redhat.com/errata/RHSA-2007-0163.html http://www.securitytracker.com/id?1017771 http://secunia.com/advisories/24910 http://secunia.com/advisories/24941 http://secunia.com/advisories/26048 http://secunia.com/advisories/26642 http://secunia.com/advisories/27864 http://secunia.com/advisories/28936 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136 SuSE Security Announcement: SUSE-SA:2007:044 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html https://usn.ubuntu.com/549-1/ http://www.ubuntu.com/usn/usn-549-2 Common Vulnerability Exposure (CVE) ID: CVE-2007-1718 BugTraq ID: 23145 http://www.securityfocus.com/bid/23145 Debian Security Information: DSA-1282 (Google Search) http://www.debian.org/security/2007/dsa-1282 Debian Security Information: DSA-1283 (Google Search) http://www.debian.org/security/2007/dsa-1283 http://www.php-security.org/MOPB/MOPB-34-2007.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10951 http://www.securitytracker.com/id?1017946 http://secunia.com/advisories/25025 http://secunia.com/advisories/25057 http://secunia.com/advisories/25062 http://www.ubuntu.com/usn/usn-455-1 XForce ISS Database: php-mailfunction-header-injection(33516) https://exchange.xforce.ibmcloud.com/vulnerabilities/33516 Common Vulnerability Exposure (CVE) ID: CVE-2007-1583 BugTraq ID: 23016 http://www.securityfocus.com/bid/23016 http://www.php-security.org/MOPB/MOPB-26-2007.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10245
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.