Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 200811-05 ] PHP: Multiple vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Veteran
Veteran


Joined: 12 May 2004
Posts: 1471

PostPosted: Sun Nov 16, 2008 4:26 pm    Post subject: [ GLSA 200811-05 ] PHP: Multiple vulnerabilities Reply with quote

Gentoo Linux Security Advisory

Title: PHP: Multiple vulnerabilities (GLSA 200811-05)
Severity: normal
Exploitable: remote
Date: November 16, 2008
Bug(s): #209148, #212211, #215266, #228369, #230575, #234102
ID: 200811-05

Synopsis

PHP contains several vulnerabilities including buffer and integer overflows which could lead to the remote execution of arbitrary code.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Affected Packages

Package: dev-lang/php
Vulnerable: < 5.2.6-r6
Unaffected: >= 5.2.6-r6
Architectures: All supported architectures


Description

Several vulnerabilitites were found in PHP:
  • PHP ships a vulnerable version of the PCRE library which allows for the circumvention of security restrictions or even for remote code execution in case of an application which accepts user-supplied regular expressions (CVE-2008-0674).
  • Multiple crash issues in several PHP functions have been discovered.
  • Ryan Permeh reported that the init_request_info() function in sapi/cgi/cgi_main.c does not properly consider operator precedence when calculating the length of PATH_TRANSLATED (CVE-2008-0599).
  • An off-by-one error in the metaphone() function may lead to memory corruption.
  • Maksymilian Arciemowicz of SecurityReason Research reported an integer overflow, which is triggerable using printf() and related functions (CVE-2008-1384).
  • Andrei Nigmatulin reported a stack-based buffer overflow in the FastCGI SAPI, which has unknown attack vectors (CVE-2008-2050).
  • Stefan Esser reported that PHP does not correctly handle multibyte characters inside the escapeshellcmd() function, which is used to sanitize user input before its usage in shell commands (CVE-2008-2051).
  • Stefan Esser reported that a short-coming in PHP's algorithm of seeding the random number generator might allow for predictible random numbers (CVE-2008-2107, CVE-2008-2108).
  • The IMAP extension in PHP uses obsolete c-client API calls making it vulnerable to buffer overflows as no bounds checking can be done (CVE-2008-2829).
  • Tavis Ormandy reported a heap-based buffer overflow in pcre_compile.c in the PCRE version shipped by PHP when processing user-supplied regular expressions (CVE-2008-2371).
  • CzechSec reported that specially crafted font files can lead to an overflow in the imageloadfont() function in ext/gd/gd.c, which is part of the GD extension (CVE-2008-3658).
  • Maksymilian Arciemowicz of SecurityReason Research reported that a design error in PHP's stream wrappers allows to circumvent safe_mode checks in several filesystem-related PHP functions (CVE-2008-2665, CVE-2008-2666).
  • Laurent Gaffie discovered a buffer overflow in the internal memnstr() function, which is used by the PHP function explode() (CVE-2008-3659).
  • An error in the FastCGI SAPI when processing a request with multiple dots preceding the extension (CVE-2008-3660).


Impact

These vulnerabilities might allow a remote attacker to execute arbitrary code, to cause a Denial of Service, to circumvent security restrictions, to disclose information, and to manipulate files.

Workaround

There is no known workaround at this time.

Resolution

All PHP users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.2.6-r6"


References

CVE-2008-0599
CVE-2008-0674
CVE-2008-1384
CVE-2008-2050
CVE-2008-2051
CVE-2008-2107
CVE-2008-2108
CVE-2008-2371
CVE-2008-2665
CVE-2008-2666
CVE-2008-2829
CVE-2008-3658
CVE-2008-3659
CVE-2008-3660


Last edited by GLSA on Thu Jul 30, 2009 4:18 am; edited 2 times in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum