Test ID: | 1.3.6.1.4.1.25623.1.0.843067 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu Update for php7.0 USN-3211-1 |
Summary: | The remote host is missing an update for the 'php7.0' package(s) announced via the referenced advisory. |
Description: |
Summary: The remote host is missing an update for the 'php7.0' package(s) announced via the referenced advisory.

Vulnerability Insight:

It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479)

It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9137)

It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935)

It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9936)

It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158)

It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159)

It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160)

It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161)

It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10162)

It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5340)

Affected Software/OS: php7.0 on Ubuntu 16.10, Ubuntu 16.04 LTS
Solution: Please install the updated packages.
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-7479
BugTraq ID: 95151
http://www.securityfocus.com/bid/95151
http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7
http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf
https://bugs.php.net/bug.php?id=73092
https://www.youtube.com/watch?v=LDcaPstAuPk
RedHat Security Advisories: RHSA-2018:1296
https://access.redhat.com/errata/RHSA-2018:1296
http://www.securitytracker.com/id/1037659

Common Vulnerability Exposure (CVE) ID: CVE-2016-9137
BugTraq ID: 93577
http://www.securityfocus.com/bid/93577
Debian Security Information: DSA-3698
http://www.debian.org/security/2016/dsa-3698
http://www.openwall.com/lists/oss-security/2016/11/01/2

Common Vulnerability Exposure (CVE) ID: CVE-2016-9935
BugTraq ID: 94846
http://www.securityfocus.com/bid/94846
Debian Security Information: DSA-3737
http://www.debian.org/security/2016/dsa-3737
https://security.gentoo.org/glsa/201702-29
http://www.openwall.com/lists/oss-security/2016/12/12/2
SuSE Security Announcement: openSUSE-SU-2016:3239
http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html
SuSE Security Announcement: openSUSE-SU-2017:0061
http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html
SuSE Security Announcement: openSUSE-SU-2017:0081
http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html

Common Vulnerability Exposure (CVE) ID: CVE-2016-9936
BugTraq ID: 94849
http://www.securityfocus.com/bid/94849

Common Vulnerability Exposure (CVE) ID: CVE-2017-5340
BugTraq ID: 95371
http://www.securityfocus.com/bid/95371 |
Copyright | Copyright (C) 2017 Greenbone Networks GmbH |