Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.57448
Kategorie:Red Hat Local Security Checks
Titel:RedHat Security Advisory RHSA-2006:0708
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing updates announced in
advisory RHSA-2006:0708.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

An integer overflow was discovered in the PHP memory handling routines. If
a script can cause memory allocation based on untrusted user data, a remote
attacker sending a carefully crafted request could execute arbitrary code
as the 'apache' user. (CVE-2006-4812)

This issue did not affect the PHP packages distributed with Red Hat
Enterprise Linux 3 or 4.

Users of PHP should upgrade to these updated packages which contain a
backported patch that corrects this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0708.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : Critical

CVSS Score:
10.0

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2006-4812
BugTraq ID: 20349
http://www.securityfocus.com/bid/20349
Bugtraq: 20061009 Advisory 09/2006: PHP unserialize() Array Creation Integer Overflow (Google Search)
http://www.securityfocus.com/archive/1/448014/100/0/threaded
http://www.gentoo.org/security/en/glsa/glsa-200610-14.xml
http://www.hardened-php.net/advisory_092006.133.html
http://www.securityfocus.com/archive/1/448953/100/0/threaded
RedHat Security Advisories: RHSA-2006:0688
http://rhn.redhat.com/errata/RHSA-2006-0688.html
RedHat Security Advisories: RHSA-2006:0708
http://rhn.redhat.com/errata/RHSA-2006-0708.html
http://securitytracker.com/id?1016984
http://secunia.com/advisories/22280
http://secunia.com/advisories/22281
http://secunia.com/advisories/22300
http://secunia.com/advisories/22331
http://secunia.com/advisories/22338
http://secunia.com/advisories/22533
http://secunia.com/advisories/22538
http://secunia.com/advisories/22650
http://securityreason.com/securityalert/1691
SuSE Security Announcement: SUSE-SA:2006:059 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2006-Oct/0002.html
http://www.trustix.org/errata/2006/0055
http://www.ubuntu.com/usn/usn-362-1
http://www.vupen.com/english/advisories/2006/3922
XForce ISS Database: php-ecalloc-integer-overflow(29362)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29362
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.