Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2011:180 (php-suhosin)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.72074

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2011:180 (php-suhosin)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to php-suhosin
announced via advisory MDVSA-2011:180.

A vulnerability was discovered and fixed in php-suhosin:

crypt_blowfish before 1.1, as used in suhosin does not properly
handle 8-bit characters, which makes it easier for context-dependent
attackers to determine a cleartext password by leveraging knowledge
of a password hash (CVE-2011-2483).

The updated packages have been patched to correct this issue.

Affected: 2010.1, 2011., Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:180

Risk factor : High

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-2483
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
BugTraq ID: 49241
http://www.securityfocus.com/bid/49241
Debian Security Information: DSA-2340 (Google Search)
http://www.debian.org/security/2011/dsa-2340
Debian Security Information: DSA-2399 (Google Search)
http://www.debian.org/security/2012/dsa-2399
http://www.mandriva.com/security/advisories?name=MDVSA-2011:165
http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
http://www.mandriva.com/security/advisories?name=MDVSA-2011:179
http://www.mandriva.com/security/advisories?name=MDVSA-2011:180
http://freshmeat.net/projects/crypt_blowfish
http://www.redhat.com/support/errata/RHSA-2011-1377.html
http://www.redhat.com/support/errata/RHSA-2011-1378.html
http://www.redhat.com/support/errata/RHSA-2011-1423.html
SuSE Security Announcement: SUSE-SA:2011:035 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html
http://www.ubuntu.com/usn/USN-1229-1
XForce ISS Database: php-cryptblowfish-info-disclosure(69319)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69319

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.72074
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2011:180 (php-suhosin)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to php-suhosin announced via advisory MDVSA-2011:180. A vulnerability was discovered and fixed in php-suhosin: crypt_blowfish before 1.1, as used in suhosin does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash (CVE-2011-2483). The updated packages have been patched to correct this issue. Affected: 2010.1, 2011., Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:180 Risk factor : High
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2483 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html BugTraq ID: 49241 http://www.securityfocus.com/bid/49241 Debian Security Information: DSA-2340 (Google Search) http://www.debian.org/security/2011/dsa-2340 Debian Security Information: DSA-2399 (Google Search) http://www.debian.org/security/2012/dsa-2399 http://www.mandriva.com/security/advisories?name=MDVSA-2011:165 http://www.mandriva.com/security/advisories?name=MDVSA-2011:178 http://www.mandriva.com/security/advisories?name=MDVSA-2011:179 http://www.mandriva.com/security/advisories?name=MDVSA-2011:180 http://freshmeat.net/projects/crypt_blowfish http://www.redhat.com/support/errata/RHSA-2011-1377.html http://www.redhat.com/support/errata/RHSA-2011-1378.html http://www.redhat.com/support/errata/RHSA-2011-1423.html SuSE Security Announcement: SUSE-SA:2011:035 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html http://www.ubuntu.com/usn/USN-1229-1 XForce ISS Database: php-cryptblowfish-info-disclosure(69319) https://exchange.xforce.ibmcloud.com/vulnerabilities/69319
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com