Gentoo Forums
[ GLSA 200511-08 ] PHP: Multiple vulnerabilities
GLSA
Posted: Sun Nov 13, 2005 5:09 pm    Post subject: [ GLSA 200511-08 ] PHP: Multiple vulnerabilities

Gentoo Linux Security Advisory

Title: PHP: Multiple vulnerabilities (GLSA 200511-08)
Severity: normal
Exploitable: remote and local
Date: November 13, 2005
Bug(s): #107602, #111032
ID: 200511-08

Synopsis

PHP suffers from multiple issues, resulting in security function bypass, local Denial of Service, cross-site scripting or PHP variable overwrite.

Background

PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the mod_php module or the CGI version and also stand-alone in a CLI.

Affected Packages

Package: dev-php/php
Vulnerable: < 4.4.0-r4
Unaffected: >= 4.3.11-r4 < 4.3.12
Unaffected: >= 4.4.0-r4
Architectures: All supported architectures

Package: dev-php/mod_php
Vulnerable: < 4.4.0-r8
Unaffected: >= 4.3.11-r4 < 4.3.12
Unaffected: >= 4.4.0-r8
Architectures: All supported architectures

Package: dev-php/php-cgi
Vulnerable: < 4.4.0-r5
Unaffected: >= 4.3.11-r5 < 4.3.12
Unaffected: >= 4.4.0-r5
Architectures: All supported architectures


Description

Multiple vulnerabilities have been found and fixed in PHP:
  • a possible $GLOBALS variable overwrite problem through file upload handling, extract() and import_request_variables() (CVE-2005-3390)
  • a local Denial of Service through the use of the session.save_path option (CVE-2005-3319)
  • an issue with trailing slashes in allowed basedirs (CVE-2005-3054)
  • an issue with calling virtual() on Apache 2 that allows safe_mode and open_basedir restrictions to be bypassed (CVE-2005-3392)
  • a problem when a request was terminated due to memory_limit constraints during certain parse_str() calls (CVE-2005-3389)
  • an issue in the curl and gd modules that allowed the safe mode open_basedir restrictions to be bypassed (CVE-2005-3391)
  • a cross-site scripting (XSS) vulnerability in phpinfo() (CVE-2005-3388)


Impact

Attackers could leverage these issues to exploit applications that are assumed to be secure through the use of proper register_globals, safe_mode or open_basedir parameters. Remote attackers could also conduct cross-site scripting attacks if a page calling phpinfo() was available. Finally, a local attacker could cause a local Denial of Service using malicious session.save_path options.

Workaround

There is no known workaround that would solve all issues at this time.

Resolution

All PHP users should upgrade to the latest version:

Code:
# emerge --sync
# emerge --ask --oneshot --verbose dev-php/php

All mod_php users should upgrade to the latest version:

Code:
# emerge --sync
# emerge --ask --oneshot --verbose dev-php/mod_php

All php-cgi users should upgrade to the latest version:

Code:
# emerge --sync
# emerge --ask --oneshot --verbose dev-php/php-cgi


References

CVE-2005-3054
CVE-2005-3319
CVE-2005-3388
CVE-2005-3389
CVE-2005-3390
CVE-2005-3391
CVE-2005-3392


Last edited by GLSA on Sun May 07, 2006 4:59 pm; edited 1 time in total
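
Added example, not part of the advisory or of Gentoo's tooling: a check of an installed version string against the affected ranges listed under Affected Packages. The version parser is a simplification that only understands dotted numeric versions with an optional -rN revision, and the function names and sample versions are illustrative assumptions.

```python
import re

# Ranges transcribed from the advisory's "Affected Packages" section.
# "fixed": first unaffected version on the 4.4 line.
# "backport": unaffected window on the 4.3 line, low <= version < high.
ADVISORY = {
    "dev-php/php":     {"fixed": "4.4.0-r4", "backport": ("4.3.11-r4", "4.3.12")},
    "dev-php/mod_php": {"fixed": "4.4.0-r8", "backport": ("4.3.11-r4", "4.3.12")},
    "dev-php/php-cgi": {"fixed": "4.4.0-r5", "backport": ("4.3.11-r5", "4.3.12")},
}

_VERSION = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse_version(text):
    """Return ((major, minor, ...), revision) for a version like '4.4.0-r4'.

    Simplified on purpose: suffixes such as _rc1 or _p2 are rejected
    rather than ordered, so an unexpected string fails loudly.
    """
    match = _VERSION.match(text)
    if match is None:
        raise ValueError(f"unsupported version syntax: {text!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    return numbers, int(match.group(2) or 0)


def is_vulnerable(package, installed):
    """True if `installed` falls inside the advisory's vulnerable range."""
    entry = ADVISORY[package]
    version = parse_version(installed)
    if version >= parse_version(entry["fixed"]):
        return False  # at or past the fixed 4.4.0 revision
    low, high = entry["backport"]
    if parse_version(low) <= version < parse_version(high):
        return False  # patched 4.3.11 revision
    return True


if __name__ == "__main__":
    # Constructed sample inventory, not taken from a real host.
    samples = [("dev-php/php", "4.4.0-r3"), ("dev-php/mod_php", "4.4.0-r8"),
               ("dev-php/php-cgi", "4.3.11-r4")]
    for package, installed in samples:
        state = "VULNERABLE" if is_vulnerable(package, installed) else "ok"
        print(f"{package}-{installed}: {state}")
```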