ID de Prueba:	1.3.6.1.4.1.25623.1.0.831485
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for php MDVSA-2011:166 (php)
Resumen:	The remote host is missing an update for the 'php'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'php' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability has been identified and fixed in php: The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders (CVE-2011-3379). The php-ini-5.3.8 package was missing with the MDVSA-2011:165 advisory and is now being provided, the php-timezonedb package was upgraded to the latest version (2011.14) for 2011. The updated packages have been patched to correct this issue. Affected Software/OS: php on Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3379 Bugtraq: 20110923 Security issue is_a function in PHP 5.3.7+ (Google Search) http://www.securityfocus.com/archive/1/519770/30/0/threaded HPdes Security Advisory: HPSBMU02786 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 HPdes Security Advisory: SSRT100877 http://www.byte.nl/blog/2011/09/23/security-bug-in-is_a-function-in-php-5-3-7-5-3-8/ http://securityreason.com/securityalert/8525
Copyright	Copyright (c) 2011 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.