Test ID: 1.3.6.1.4.1.25623.1.0.57490
Category: SuSE Local Security Checks
Title: SuSE Security Advisory SUSE-SA:2006:059 (php4,php5)
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory SUSE-SA:2006:059.

The ini_restore() method could be exploited to reset options such as
open_basedir when set via the web server config file to their default
value set in php.ini (CVE-2006-4625).

Additionally php5 on all products as well as php4 on SLES8 were
vulnerable to an integer overflow problem in the memory
allocation routine. This bug can be exploited to execute
arbitrary code with the uid of the web server (CVE-2006-4812).
Thanks to Stefan Esser for reporting the problem.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2006:059

Risk factor : Critical

CVSS Score:
10.0

Cross-reference:
Common Vulnerability Exposure (CVE) ID: CVE-2006-4625
BugTraq ID: 19933
http://www.securityfocus.com/bid/19933
Bugtraq: 20060913 Re: PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()
http://www.securityfocus.com/archive/1/445712/100/0/threaded
http://www.securityfocus.com/archive/1/445882/100/0/threaded
HPdes Security Advisory: HPSBMA02215
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506
HPdes Security Advisory: HPSBTU02232
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137
HPdes Security Advisory: SSRT071423
HPdes Security Advisory: SSRT071429
http://www.mandriva.com/security/advisories?name=MDKSA-2006:185
http://www.securityfocus.com/archive/1/448953/100/0/threaded
http://secunia.com/advisories/22282
http://secunia.com/advisories/22331
http://secunia.com/advisories/22338
http://secunia.com/advisories/22424
http://secunia.com/advisories/25423
http://secunia.com/advisories/25850
http://securityreason.com/securityalert/1519
http://securityreason.com/achievement_securityalert/42
SuSE Security Announcement: SUSE-SA:2006:059
http://lists.suse.com/archive/suse-security-announce/2006-Oct/0002.html
TurboLinux Advisory: TLSA-2006-38
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
http://www.ubuntu.com/usn/usn-362-1
http://www.vupen.com/english/advisories/2007/1991
http://www.vupen.com/english/advisories/2007/2374
XForce ISS Database: php-inirestore-security-bypass(28853)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28853
Common Vulnerability Exposure (CVE) ID: CVE-2006-4812
BugTraq ID: 20349
http://www.securityfocus.com/bid/20349
Bugtraq: 20061009 Advisory 09/2006: PHP unserialize() Array Creation Integer Overflow
http://www.securityfocus.com/archive/1/448014/100/0/threaded
http://www.gentoo.org/security/en/glsa/glsa-200610-14.xml
http://www.hardened-php.net/advisory_092006.133.html
RedHat Security Advisories: RHSA-2006:0688
http://rhn.redhat.com/errata/RHSA-2006-0688.html
RedHat Security Advisories: RHSA-2006:0708
http://rhn.redhat.com/errata/RHSA-2006-0708.html
http://securitytracker.com/id?1016984
http://secunia.com/advisories/22280
http://secunia.com/advisories/22281
http://secunia.com/advisories/22300
http://secunia.com/advisories/22533
http://secunia.com/advisories/22538
http://secunia.com/advisories/22650
http://securityreason.com/securityalert/1691
http://www.trustix.org/errata/2006/0055
http://www.vupen.com/english/advisories/2006/3922
XForce ISS Database: php-ecalloc-integer-overflow(29362)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29362
Copyright: Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com
