Test Kennung:	1.3.6.1.4.1.25623.1.0.71265
Kategorie:	FreeBSD Local Security Checks
Titel:	FreeBSD Ports: php
Zusammenfassung:	The remote host is missing an update to the system; as announced in the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: php CVE-2012-0831 PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0831 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html BugTraq ID: 51954 http://www.securityfocus.com/bid/51954 http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html RedHat Security Advisories: RHSA-2013:1307 http://rhn.redhat.com/errata/RHSA-2013-1307.html http://secunia.com/advisories/48668 http://secunia.com/advisories/55078 SuSE Security Announcement: SUSE-SU-2012:0411 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html SuSE Security Announcement: SUSE-SU-2012:0472 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html SuSE Security Announcement: openSUSE-SU-2012:0426 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html http://www.ubuntu.com/usn/USN-1358-1 XForce ISS Database: php-magicquotesgpc-sec-bypass(73125) https://exchange.xforce.ibmcloud.com/vulnerabilities/73125 Common Vulnerability Exposure (CVE) ID: CVE-2012-1172 Debian Security Information: DSA-2465 (Google Search) http://www.debian.org/security/2012/dsa-2465 http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html HPdes Security Advisory: HPSBUX02791 http://marc.info/?l=bugtraq&m=134012830914727&w=2 HPdes Security Advisory: SSRT100856 http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/ https://bugs.php.net/bug.php?id=48597 https://bugs.php.net/bug.php?id=49683 https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/ https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf http://openwall.com/lists/oss-security/2012/03/13/4 SuSE Security Announcement: SUSE-SU-2012:0598 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html SuSE Security Announcement: SUSE-SU-2012:0604 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.