Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 200412-14 ] PHP: Multiple vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Bodhisattva
Bodhisattva


Joined: 25 Feb 2003
Posts: 3827
Location: Essen, Germany

PostPosted: Sun Dec 19, 2004 2:10 pm    Post subject: [ GLSA 200412-14 ] PHP: Multiple vulnerabilities Reply with quote

Gentoo Linux Security Advisory

Title: PHP: Multiple vulnerabilities (GLSA 200412-14)
Severity: high
Exploitable: remote
Date: December 19, 2004
Updated: May 22, 2006
Bug(s): #74547
ID: 200412-14

Synopsis

Several vulnerabilities were found and fixed in PHP, ranging from an information leak and a safe_mode restriction bypass to a potential remote execution of arbitrary code.

Background

PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the mod_php module or the CGI version of PHP, or can run stand-alone in a CLI.

Affected Packages

Package: dev-php/php
Vulnerable: < 4.3.10
Unaffected: >= 4.3.10
Architectures: All supported architectures

Package: dev-php/mod_php
Vulnerable: < 4.3.10
Unaffected: >= 4.3.10
Architectures: All supported architectures

Package: dev-php/php-cgi
Vulnerable: < 4.3.10
Unaffected: >= 4.3.10
Architectures: All supported architectures


Description

Stefan Esser and Marcus Boerger reported several different issues in the unserialize() function, including serious exploitable bugs in the way it handles negative references (CAN-2004-1019). Stefan Esser also discovered that the pack() and unpack() functions are subject to integer overflows that can lead to a heap buffer overflow and a heap information leak. Finally, he found that the way multithreaded PHP handles safe_mode_exec_dir restrictions can be bypassed, and that various path truncation issues also allow to bypass path and safe_mode restrictions. Ilia Alshanetsky found a stack overflow issue in the exif_read_data() function (CAN-2004-1065). Finally, Daniel Fabian found that addslashes and magic_quotes_gpc do not properly escape null characters and that magic_quotes_gpc contains a bug that could lead to one level directory traversal.

Impact

These issues could be exploited by a remote attacker to retrieve web server heap information, bypass safe_mode or path restrictions and potentially execute arbitrary code with the rights of the web server running a PHP application.

Workaround

There is no known workaround at this time.

Resolution

All PHP users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php/php-4.3.10"
All mod_php users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php/mod_php-4.3.10"
All php-cgi users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php/php-cgi-4.3.10"


References

PHP 4.3.10 Release Announcement
Hardened-PHP Security Advisory
SEC Consult Advisory
CAN-2004-1019
CAN-2004-1020
CVE-2004-1063
CVE-2004-1064
CVE-2004-1065


Last edited by GLSA on Mon Mar 09, 2009 4:16 am; edited 4 times in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum