Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.842265
Kategorie:Ubuntu Local Security Checks
Titel:Ubuntu Update for php5 USN-2658-1
Zusammenfassung:The remote host is missing an update for the 'php5'; package(s) announced via the referenced advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'php5'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Neal Poole and Tomas Hoger discovered that
PHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly
use this issue to bypass intended restrictions and create or obtain access to
sensitive files. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026,
CVE-2015-4598)

Emmanuel Law discovered that the PHP phar extension incorrectly handled
filenames starting with a NULL byte. A remote attacker could use this issue
with a crafted tar archive to cause a denial of service. (CVE-2015-4021)

Max Spelsberg discovered that PHP incorrectly handled the LIST command
when connecting to remote FTP servers. A malicious FTP server could
possibly use this issue to execute arbitrary code. (CVE-2015-4022,
CVE-2015-4643)

Shusheng Liu discovered that PHP incorrectly handled certain malformed form
data. A remote attacker could use this issue with crafted form data to
cause CPU consumption, leading to a denial of service. (CVE-2015-4024)

Andrea Palazzo discovered that the PHP Soap client incorrectly validated
data types. A remote attacker could use this issue with crafted serialized
data to possibly execute arbitrary code. (CVE-2015-4147)

Andrea Palazzo discovered that the PHP Soap client incorrectly validated
that the uri property is a string. A remote attacker could use this issue
with crafted serialized data to possibly obtain sensitive information.
(CVE-2015-4148)

Taoguang Chen discovered that PHP incorrectly validated data types in
multiple locations. A remote attacker could possibly use these issues to
obtain sensitive information or cause a denial of service. (CVE-2015-4599,
CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)

It was discovered that the PHP Fileinfo component incorrectly handled
certain files. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service. This issue only affected Ubuntu
15.04. (CVE-2015-4604, CVE-2015-4605)

It was discovered that PHP incorrectly handled table names in
php_pgsql_meta_data. A local attacker could possibly use this issue to
cause PHP to crash, resulting in a denial of service. (CVE-2015-4644)

Affected Software/OS:
php5 on Ubuntu 14.10,
Ubuntu 14.04 LTS,
Ubuntu 12.04 LTS

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-3411
BugTraq ID: 75255
http://www.securityfocus.com/bid/75255
RedHat Security Advisories: RHSA-2015:1135
http://rhn.redhat.com/errata/RHSA-2015-1135.html
RedHat Security Advisories: RHSA-2015:1186
http://rhn.redhat.com/errata/RHSA-2015-1186.html
RedHat Security Advisories: RHSA-2015:1187
http://rhn.redhat.com/errata/RHSA-2015-1187.html
RedHat Security Advisories: RHSA-2015:1218
http://rhn.redhat.com/errata/RHSA-2015-1218.html
http://www.securitytracker.com/id/1032709
Common Vulnerability Exposure (CVE) ID: CVE-2015-3412
BugTraq ID: 75250
http://www.securityfocus.com/bid/75250
Common Vulnerability Exposure (CVE) ID: CVE-2015-4025
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
BugTraq ID: 74904
http://www.securityfocus.com/bid/74904
Debian Security Information: DSA-3280 (Google Search)
http://www.debian.org/security/2015/dsa-3280
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html
https://security.gentoo.org/glsa/201606-10
RedHat Security Advisories: RHSA-2015:1219
http://rhn.redhat.com/errata/RHSA-2015-1219.html
http://www.securitytracker.com/id/1032431
Common Vulnerability Exposure (CVE) ID: CVE-2015-4026
BugTraq ID: 75056
http://www.securityfocus.com/bid/75056
SuSE Security Announcement: openSUSE-SU-2015:0993 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-4598
BugTraq ID: 75244
http://www.securityfocus.com/bid/75244
Debian Security Information: DSA-3344 (Google Search)
http://www.debian.org/security/2015/dsa-3344
http://www.openwall.com/lists/oss-security/2015/06/16/12
Common Vulnerability Exposure (CVE) ID: CVE-2015-4021
BugTraq ID: 74700
http://www.securityfocus.com/bid/74700
http://www.securitytracker.com/id/1032433
Common Vulnerability Exposure (CVE) ID: CVE-2015-4022
BugTraq ID: 74902
http://www.securityfocus.com/bid/74902
Common Vulnerability Exposure (CVE) ID: CVE-2015-4643
BugTraq ID: 75291
http://www.securityfocus.com/bid/75291
http://openwall.com/lists/oss-security/2015/06/18/6
Common Vulnerability Exposure (CVE) ID: CVE-2015-4024
BugTraq ID: 74903
http://www.securityfocus.com/bid/74903
http://www.securitytracker.com/id/1032432
Common Vulnerability Exposure (CVE) ID: CVE-2015-4147
BugTraq ID: 73357
http://www.securityfocus.com/bid/73357
http://openwall.com/lists/oss-security/2015/06/01/4
RedHat Security Advisories: RHSA-2015:1053
http://rhn.redhat.com/errata/RHSA-2015-1053.html
RedHat Security Advisories: RHSA-2015:1066
http://rhn.redhat.com/errata/RHSA-2015-1066.html
http://www.securitytracker.com/id/1032459
SuSE Security Announcement: SUSE-SU-2015:0868 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-4148
BugTraq ID: 75103
http://www.securityfocus.com/bid/75103
SuSE Security Announcement: openSUSE-SU-2015:1057 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-06/msg00028.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-4599
BugTraq ID: 75251
http://www.securityfocus.com/bid/75251
Common Vulnerability Exposure (CVE) ID: CVE-2015-4600
BugTraq ID: 74413
http://www.securityfocus.com/bid/74413
Common Vulnerability Exposure (CVE) ID: CVE-2015-4601
BugTraq ID: 75246
http://www.securityfocus.com/bid/75246
Common Vulnerability Exposure (CVE) ID: CVE-2015-4602
BugTraq ID: 75249
http://www.securityfocus.com/bid/75249
Common Vulnerability Exposure (CVE) ID: CVE-2015-4603
BugTraq ID: 75252
http://www.securityfocus.com/bid/75252
Common Vulnerability Exposure (CVE) ID: CVE-2015-4604
BugTraq ID: 75241
http://www.securityfocus.com/bid/75241
Common Vulnerability Exposure (CVE) ID: CVE-2015-4605
BugTraq ID: 75233
http://www.securityfocus.com/bid/75233
Common Vulnerability Exposure (CVE) ID: CVE-2015-4644
BugTraq ID: 75292
http://www.securityfocus.com/bid/75292
CopyrightCopyright (C) 2015 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.