FrSIRT - Mandriva Security Update Fixes PHP-APC Buffer Overflow Vulnerability / Exploit

French Security Incident Response Team

Français

English

Mandriva Security Update Fixes PHP-APC Buffer Overflow Vulnerability

Date de Publication : 2008-04-14 © FrSIRT.COM
Titre : Mandriva Security Update Fixes PHP-APC Buffer Overflow Vulnerability
Identifiant : FrSIRT/AVIS-2008-1199
CVE ID : CVE-2008-1488
Risque : Modéré (2/4) -

Exploitable à distance : Oui
Exploitable en local : Oui

En savoir plus

Description

Produits affectés

Solution

Références

Description Technique

Une vulnérabilité a été identifiée dans Mandriva, elle pourrait être exploitée par des attaquants distants afin de compromettre un système vulnérable [...]

Solution

Installer les mises à jour :

Corporate 4.0:
f8a3b00e540d1227a01859a0eb5b8308 corporate/4.0/i586/php4-apc-3.0.11-1.1.20060mlcs4.i586.rpm
f515e731577e4848c5442a39cfec3bb3 corporate/4.0/i586/php4-apc-admin-3.0.11-1.1.20060mlcs4.i586.rpm
a3d785f83389bfd7a06e1c7c7ff1e0ba corporate/4.0/i586/php-apc-3.0.11-2.1.20060mlcs4.i586.rpm
7dc5b581c14fcca3c6c4bb07b93a0370 corporate/4.0/i586/php-apc-admin-3.0.11-2.1.20060mlcs4.i586.rpm
90c85cef2bc50c175cad42f80aefd116 corporate/4.0/SRPMS/php4-apc-3.0.11-1.1.20060mlcs4.src.rpm
90ce6133b0964a41b8b2fd7880af84e0 corporate/4.0/SRPMS/php-apc-3.0.11-2.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
4d58c491a9cc42cde58f519f35794c8f corporate/4.0/x86_64/php4-apc-3.0.11-1.1.20060mlcs4.x86_64.rpm
3f53d18d2c29d88aa7e1c5ccf45d255f corporate/4.0/x86_64/php4-apc-admin-3.0.11-1.1.20060mlcs4.x86_64.rpm
468eb332b10101d0051af4696c6b4f6f corporate/4.0/x86_64/php-apc-3.0.11-2.1.20060mlcs4.x86_64.rpm
3be0fb797e4eb676d6374a26463e6541 corporate/4.0/x86_64/php-apc-admin-3.0.11-2.1.20060mlcs4.x86_64.rpm
90c85cef2bc50c175cad42f80aefd116 corporate/4.0/SRPMS/php4-apc-3.0.11-1.1.20060mlcs4.src.rpm
90ce6133b0964a41b8b2fd7880af84e0 corporate/4.0/SRPMS/php-apc-3.0.11-2.1.20060mlcs4.src.rpm

Historique

2008-04-14 : Version Initiale

Recevez les bulletins FrSIRT

Le service FrSIRT VNS permet aux professionnels de la sécurité (RSSI, DSI, administrateurs et consultants) de recevoir en temps-réel, par email, SMS et flux RSS/XML, des bulletins de vulnérabilités complets, détaillés et personnalisés.

Recherche

Newsletter

	Apple Mac OS X Code Execution Vulnerabilities
	Apple TV Multiple File Processing Code Execution Vulnerabilities
	Apple Mac OS X Code Execution Vulnerabilities
	Apple iPhone Code Execution Vulnerabilities
	Apple QuickTime Multiple Remote Code Execution Vulnerabilities
	Apple iTunes Driver Integer Overflow Privilege Escalation Vulnerability
	Apple iPod touch Code Execution Vulnerabilities

	Mozilla Products Code Execution Vulnerabilities
	Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability
	Mozilla Products Remote Code Execution Vulnerabilities
	Mozilla Products Code Execution and Injection Vulnerabilities
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues

	Microsoft Windows Kernel Local Integer Overflow Vulnerability
	Microsoft Windows Vista "WRITE_ANDX" Denial of Service Vulnerability
	Microsoft Office OneNote URL Code Execution (MS08-055)
	Microsoft GDI+ Multiple Code Execution Vulnerabilities (MS08-052)
	Microsoft Visual Studio "Msmask32" Code Execution Vulnerability
	Microsoft PowerPoint Command Execution Vulnerabilities (MS08-051)
	Microsoft Windows Messenger Data Disclosure (MS08-050)