ID de Prueba:	1.3.6.1.4.1.25623.1.0.841878
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu Update for php5 USN-2254-1
Resumen:	The remote host is missing an update for the 'php5'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'php5' package(s) announced via the referenced advisory. Vulnerability Insight: Christian Hoffmann discovered that the PHP FastCGI Process Manager (FPM) set incorrect permissions on the UNIX socket. A local attacker could use this issue to possibly elevate their privileges. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0185) Francisco Alonso discovered that the PHP Fileinfo component incorrectly handled certain CDF documents. A remote attacker could use this issue to cause PHP to hang or crash, resulting in a denial of service. (CVE-2014-0237, CVE-2014-0238) Stefan Esser discovered that PHP incorrectly handled DNS TXT records. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-4049) Affected Software/OS: php5 on Ubuntu 14.04 LTS, Ubuntu 13.10, Ubuntu 12.04 LTS, Ubuntu 10.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0185 https://hoffmann-christian.info/files/php-fpm/0001-Fix-bug-67060-use-default-mode-of-660.patch http://www.openwall.com/lists/oss-security/2014/04/29/5 http://secunia.com/advisories/59061 http://secunia.com/advisories/59329 SuSE Security Announcement: openSUSE-SU-2015:1685 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-10/msg00012.html Common Vulnerability Exposure (CVE) ID: CVE-2014-0237 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html BugTraq ID: 67759 http://www.securityfocus.com/bid/67759 Debian Security Information: DSA-3021 (Google Search) http://www.debian.org/security/2014/dsa-3021 RedHat Security Advisories: RHSA-2014:1765 http://rhn.redhat.com/errata/RHSA-2014-1765.html RedHat Security Advisories: RHSA-2014:1766 http://rhn.redhat.com/errata/RHSA-2014-1766.html http://secunia.com/advisories/59418 http://secunia.com/advisories/60998 SuSE Security Announcement: SUSE-SU-2014:0869 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2014-0238 BugTraq ID: 67765 http://www.securityfocus.com/bid/67765 Common Vulnerability Exposure (CVE) ID: CVE-2014-4049 BugTraq ID: 68007 http://www.securityfocus.com/bid/68007 Debian Security Information: DSA-2961 (Google Search) http://www.debian.org/security/2014/dsa-2961 HPdes Security Advisory: HPSBUX03102 http://marc.info/?l=bugtraq&m=141017844705317&w=2 HPdes Security Advisory: SSRT101681 http://www.openwall.com/lists/oss-security/2014/06/13/4 http://www.securitytracker.com/id/1030435 http://secunia.com/advisories/59270 http://secunia.com/advisories/59496 http://secunia.com/advisories/59513 http://secunia.com/advisories/59652 SuSE Security Announcement: SUSE-SU-2014:0868 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html SuSE Security Announcement: openSUSE-SU-2014:0841 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-06/msg00051.html SuSE Security Announcement: openSUSE-SU-2014:0942 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-07/msg00032.html
Copyright	Copyright (C) 2014 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.