Vulnerability Bulletins
Information disclosure in PHP
Vulnerability classification

Property | Value
Confidence level | official+tested
Impact | Increased visibility
Difficulty | Beginner
Attacker requirements | Remote access without an account to a standard service
System information

Property | Value
Affected vendor | GNU/Linux
Affected software | PHP < 5.1.3-RC1
Description

A vulnerability has been discovered in PHP versions prior to 5.1.3-RC1. The vulnerability lies in an error in a script that processes user input with the "html_entity_decode" function and sends the encoded data back to the user. A remote attacker could obtain information from memory by means of a specially crafted request.
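An added example (not part of the bulletin or of PHP's own tooling) for checking whether an upstream PHP version string falls inside the affected range stated above. It assumes the string comes from `php -v` or `phpversion()` and implements PHP-style ordering, in which a release candidate sorts before the final release, so "5.1.3-RC1" itself is treated as fixed.

```python
import re

# Threshold taken from this bulletin: every PHP release before 5.1.3-RC1 is affected.
FIXED_IN = "5.1.3-RC1"

# Pre-release tags in ascending order; a final release gets a rank above all of them.
_PRE_RANK = {"dev": 0, "alpha": 1, "a": 1, "beta": 2, "b": 2, "rc": 3}
_FINAL_RANK = 4

_VERSION_RE = re.compile(
    r"(\d+)\.(\d+)\.(\d+)"                      # major.minor.patch
    r"(?:[-.]?(dev|alpha|beta|rc|a|b)(\d*))?",  # optional pre-release tag, e.g. -RC1 / RC1 / beta2
    re.IGNORECASE,
)


def parse_php_version(version: str) -> tuple:
    """Turn '5.1.3-RC1', '5.1.3RC1' or '5.1.2' into a tuple that sorts like PHP's own
    version_compare(): (major, minor, patch, pre-release rank, pre-release number)."""
    m = _VERSION_RE.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unrecognised PHP version string: {version!r}")
    major, minor, patch, tag, num = m.groups()
    if tag is None:
        pre = (_FINAL_RANK, 0)
    else:
        pre = (_PRE_RANK[tag.lower()], int(num or 0))
    return (int(major), int(minor), int(patch)) + pre


def is_affected(version: str) -> bool:
    """True when the given upstream PHP version is older than the fixed release."""
    return parse_php_version(version) < parse_php_version(FIXED_IN)


def affected_hosts(inventory: dict) -> list:
    """Given {hostname: php_version}, return the hosts still running an affected build."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


if __name__ == "__main__":
    # Constructed sample inventory, not data from the bulletin.
    sample = {"web1": "5.1.2", "web2": "5.1.3-RC1", "web3": "4.4.2", "web4": "5.1.4"}
    print(affected_hosts(sample))
```

Distribution packages such as the Mandriva and Red Hat builds listed in this bulletin backport the fix while keeping an older upstream number (for example 5.0.4 or 4.3.4), so for those hosts the package release must be compared against the vendor advisory rather than against the upstream threshold alone.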
Solution

Software update.

Mandriva (updated packages per product and architecture):
- Corporate Server 3.0, x86: libphp_common432-4.3.4-4.12.C30mdk.i586.rpm, php432-devel-4.3.4-4.12.C30mdk.i586.rpm, php-cgi-4.3.4-4.12.C30mdk.i586.rpm, php-cli-4.3.4-4.12.C30mdk.i586.rpm (source: php-4.3.4-4.12.C30mdk.src.rpm)
- Corporate Server 3.0, x86_64: lib64php_common432-4.3.4-4.12.C30mdk.x86_64.rpm, php432-devel-4.3.4-4.12.C30mdk.x86_64.rpm, php-cgi-4.3.4-4.12.C30mdk.x86_64.rpm, php-cli-4.3.4-4.12.C30mdk.x86_64.rpm (source: php-4.3.4-4.12.C30mdk.src.rpm)
- Multi Network Firewall 2.0, x86: libphp_common432-4.3.4-4.12.M20mdk.i586.rpm, php432-devel-4.3.4-4.12.M20mdk.i586.rpm, php-cgi-4.3.4-4.12.M20mdk.i586.rpm, php-cli-4.3.4-4.12.M20mdk.i586.rpm (source: php-4.3.4-4.12.M20mdk.src.rpm)
- Mandrivalinux LE2005, x86: libphp_common432-4.3.10-7.8.102mdk.i586.rpm, php432-devel-4.3.10-7.8.102mdk.i586.rpm, php-cgi-4.3.10-7.8.102mdk.i586.rpm, php-cli-4.3.10-7.8.102mdk.i586.rpm (source: php-4.3.10-7.8.102mdk.src.rpm)
- Mandrivalinux LE2005, x86_64: lib64php_common432-4.3.10-7.8.102mdk.x86_64.rpm, php432-devel-4.3.10-7.8.102mdk.x86_64.rpm, php-cgi-4.3.10-7.8.102mdk.x86_64.rpm, php-cli-4.3.10-7.8.102mdk.x86_64.rpm (source: php-4.3.10-7.8.102mdk.src.rpm)
- Mandrivalinux 2006, x86: libphp5_common5-5.0.4-9.4.20060mdk.i586.rpm, php-cgi-5.0.4-9.4.20060mdk.i586.rpm, php-cli-5.0.4-9.4.20060mdk.i586.rpm, php-devel-5.0.4-9.4.20060mdk.i586.rpm, php-fcgi-5.0.4-9.4.20060mdk.i586.rpm (source: php-5.0.4-9.4.20060mdk.src.rpm)
- Mandrivalinux 2006, x86_64: lib64php5_common5-5.0.4-9.4.20060mdk.x86_64.rpm, php-cgi-5.0.4-9.4.20060mdk.x86_64.rpm, php-cli-5.0.4-9.4.20060mdk.x86_64.rpm, php-devel-5.0.4-9.4.20060mdk.x86_64.rpm, php-fcgi-5.0.4-9.4.20060mdk.x86_64.rpm (source: php-5.0.4-9.4.20060mdk.src.rpm)

Red Hat (Red Hat Desktop v. 3 and v. 4; Red Hat Enterprise Linux AS, ES and WS v. 3 and v. 4): https://rhn.redhat.com/

SUSE Linux: updates can be downloaded through YaST or from the official SUSE Linux FTP server.

SGI:
- Advanced Linux Environment 3 / RPM / Patch 10310: ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
- Advanced Linux Environment 3 / SRPM / Patch 10310: ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

Apple Security Update 2006-007:
- http://www.apple.com/support/downloads/securityupdate20060071039client.html
- http://www.apple.com/support/downloads/securityupdate20060071039server.html
- http://www.apple.com/support/downloads/securityupdate20060071048clientintel.html
- http://www.apple.com/support/downloads/securityupdate20060071048clientppc.html
- http://www.apple.com/support/downloads/securityupdate20060071048serverppc.html
- http://www.apple.com/support/downloads/securityupdate20060071048serveruniversal.html
Standard identifiers

Property | Value
CVE | CVE-2006-1490
BID | 17296
Additional resources

- Mandriva Security Advisory (MDKSA-2006:063): http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:063
- Red Hat Security Advisory (RHSA-2006:0276-9): https://rhn.redhat.com/errata/RHSA-2006-0276.html
- SUSE Security Advisory (SUSE-SA:2006:024): http://www.novell.com/linux/security/advisories/05-05-2006.html
- SGI Security Advisory (20060501-01-U): ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
- Apple Security Update 2006-007 (304829): http://docs.info.apple.com/article.html?artnum=304829
Version history

Version | Comment | Date
1.0 | Advisory issued | 2006-04-04
1.1 | Advisory issued by Red Hat (RHSA-2006:0276-9) | 2006-04-26
1.2 | Advisory issued by SUSE (SUSE-SA:2006:024) | 2006-05-12
1.3 | Advisory issued by SGI (20060501-01-U) | 2006-05-30
1.4 | Advisory issued by Apple (304829) | 2006-12-04