Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.840564
Kategorie:Ubuntu Local Security Checks
Titel:Ubuntu Update for php5 vulnerabilities USN-1042-1
Zusammenfassung:Ubuntu Update for Linux kernel vulnerabilities USN-1042-1
Beschreibung:Summary:
Ubuntu Update for Linux kernel vulnerabilities USN-1042-1

Vulnerability Insight:
It was discovered that an integer overflow in the XML UTF-8 decoding
code could allow an attacker to bypass cross-site scripting (XSS)
protections. This issue only affected Ubuntu 6.06 LTS, Ubuntu 8.04 LTS,
and Ubuntu 9.10. (CVE-2009-5016)

It was discovered that the XML UTF-8 decoding code did not properly
handle non-shortest form UTF-8 encoding and ill-formed subsequences
in UTF-8 data, which could allow an attacker to bypass cross-site
scripting (XSS) protections. (CVE-2010-3870)

It was discovered that attackers might be able to bypass open_basedir()
restrictions by passing a specially crafted filename. (CVE-2010-3436)

Maksymilian Arciemowicz discovered that a NULL pointer dereference in the
ZIP archive handling code could allow an attacker to cause a denial
of service through a specially crafted ZIP archive. This issue only
affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu
10.10. (CVE-2010-3709)

It was discovered that a stack consumption vulnerability in the
filter_var() PHP function when in FILTER_VALIDATE_EMAIL mode, could
allow a remote attacker to cause a denial of service. This issue
only affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and
Ubuntu 10.10. (CVE-2010-3710)

It was discovered that the mb_strcut function in the Libmbfl
library within PHP could allow an attacker to read arbitrary memory
within the application process. This issue only affected Ubuntu
10.10. (CVE-2010-4156)

Maksymilian Arciemowicz discovered that an integer overflow in the
NumberFormatter::getSymbol function could allow an attacker to cause
a denial of service. This issue only affected Ubuntu 10.04 LTS and
Ubuntu 10.10. (CVE-2010-4409)

Rick Regan discovered that when handing PHP textual representations
of the largest subnormal double-precision floating-point number,
the zend_strtod function could go into an infinite loop on 32bit
x86 processors, allowing an attacker to cause a denial of service.
(CVE-2010-4645)

Affected Software/OS:
php5 vulnerabilities on Ubuntu 6.06 LTS,
Ubuntu 8.04 LTS,
Ubuntu 9.10,
Ubuntu 10.04 LTS,
Ubuntu 10.10

Solution:
Please Install the Updated Packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-5016
BugTraq ID: 44889
http://www.securityfocus.com/bid/44889
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html
http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html
http://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf
http://www.redhat.com/support/errata/RHSA-2010-0919.html
http://www.redhat.com/support/errata/RHSA-2011-0195.html
http://secunia.com/advisories/42410
http://secunia.com/advisories/42812
http://www.ubuntu.com/usn/USN-1042-1
http://www.vupen.com/english/advisories/2010/3081
http://www.vupen.com/english/advisories/2011/0020
http://www.vupen.com/english/advisories/2011/0021
http://www.vupen.com/english/advisories/2011/0077
Common Vulnerability Exposure (CVE) ID: CVE-2010-3436
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
BugTraq ID: 44723
http://www.securityfocus.com/bid/44723
http://www.mandriva.com/security/advisories?name=MDVSA-2010:218
http://secunia.com/advisories/42729
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619
http://www.vupen.com/english/advisories/2010/3313
Common Vulnerability Exposure (CVE) ID: CVE-2010-3709
BugTraq ID: 44718
http://www.securityfocus.com/bid/44718
http://www.exploit-db.com/exploits/15431
HPdes Security Advisory: HPSBMA02662
http://marc.info/?l=bugtraq&m=130331363227777&w=2
HPdes Security Advisory: HPSBOV02763
http://marc.info/?l=bugtraq&m=133469208622507&w=2
HPdes Security Advisory: SSRT100409
HPdes Security Advisory: SSRT100826
http://www.securitytracker.com/id?1024690
http://securityreason.com/achievement_securityalert/90
Common Vulnerability Exposure (CVE) ID: CVE-2010-3710
BugTraq ID: 43926
http://www.securityfocus.com/bid/43926
http://www.redhat.com/support/errata/RHSA-2011-0196.html
http://secunia.com/advisories/43189
SuSE Security Announcement: SUSE-SR:2010:023 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-3870
BugTraq ID: 44605
http://www.securityfocus.com/bid/44605
http://www.mandriva.com/en/security/advisories?name=MDVSA-2010:224
http://bugs.php.net/bug.php?id=48230
http://us2.php.net/manual/en/function.utf8-decode.php#83935
http://www.acunetix.com/blog/web-security-articles/security-risks-associated-with-utf8_decode/
http://www.openwall.com/lists/oss-security/2010/11/02/11
http://www.openwall.com/lists/oss-security/2010/11/02/2
http://www.openwall.com/lists/oss-security/2010/11/02/4
http://www.openwall.com/lists/oss-security/2010/11/02/6
http://www.openwall.com/lists/oss-security/2010/11/02/8
http://www.openwall.com/lists/oss-security/2010/11/02/1
http://www.openwall.com/lists/oss-security/2010/11/03/1
http://www.securitytracker.com/id?1024797
Common Vulnerability Exposure (CVE) ID: CVE-2010-4156
BugTraq ID: 44727
http://www.securityfocus.com/bid/44727
http://www.mandriva.com/security/advisories?name=MDVSA-2010:225
http://pastie.org/1279428
http://pastie.org/1279682
http://www.openwall.com/lists/oss-security/2010/11/07/2
http://www.openwall.com/lists/oss-security/2010/11/08/13
http://secunia.com/advisories/42135
Common Vulnerability Exposure (CVE) ID: CVE-2010-4409
BugTraq ID: 45119
http://www.securityfocus.com/bid/45119
Bugtraq: 20101210 PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow (Google Search)
http://www.securityfocus.com/archive/1/515142/100/0/threaded
CERT/CC vulnerability note: VU#479900
http://www.kb.cert.org/vuls/id/479900
http://www.exploit-db.com/exploits/15722
http://www.mandriva.com/security/advisories?name=MDVSA-2010:254
http://www.mandriva.com/security/advisories?name=MDVSA-2010:255
http://secunia.com/advisories/47674
SuSE Security Announcement: openSUSE-SU-2012:0100 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-01/msg00035.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-4645
BugTraq ID: 45668
http://www.securityfocus.com/bid/45668
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053355.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053333.html
HPdes Security Advisory: HPSBMU02752
http://marc.info/?l=bugtraq&m=133226187115472&w=2
HPdes Security Advisory: SSRT100802
http://hal.archives-ouvertes.fr/docs/00/28/14/29/PDF/floating-point-article.pdf
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/Zend/zend_strtod.c?r1=266327&r2=307095&pathrev=307095
http://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/
http://www.openwall.com/lists/oss-security/2011/01/05/8
http://www.openwall.com/lists/oss-security/2011/01/05/2
http://www.openwall.com/lists/oss-security/2011/01/06/5
http://secunia.com/advisories/42843
http://secunia.com/advisories/43051
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.484686
http://www.vupen.com/english/advisories/2011/0060
http://www.vupen.com/english/advisories/2011/0066
http://www.vupen.com/english/advisories/2011/0198
XForce ISS Database: php-zendstrtod-dos(64470)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64470
CopyrightCopyright (c) 2011 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.