Security-Alerts mailing list archive (email@example.com)
[security-alerts] FW: [SA28318] PHP Multiple Vulnerabilities
> PHP Multiple Vulnerabilities
> SECUNIA ADVISORY ID:
> VERIFY ADVISORY:
> Moderately critical
> Unknown, Security Bypass
> From remote
> PHP 4.4.x
> Some vulnerabilities have been reported in PHP, where some have
> unknown impact and others can be exploited by malicious users to
> bypass certain security restrictions.
> 1) An integer overflow error exists in the "chunk_split()" function.
> This may be related to vulnerability #1 in:
> 2) Integer overflow errors exist in the "strcspn()" and "strspn()"
> 3) A regression error related to the "glob()" function exists, which
> can potentially be exploited to bypass the "open_basedir" directive.
> 4) An error exists within the handling of SQL queries containing
> "LOCAL INFILE" inside the MySQL extension. This can be exploited to
> bypass the "open_basedir" and "safe_mode" directives.
> This is related to vulnerability #5 in:
> 5) An error exists when processing "session_save_path" and
> "error_log" values, which can be exploited to bypass the
> "open_basedir" and "safe_mode" directives.
> The vulnerabilities are reported in versions prior to 4.4.8.
> Update to version 4.4.8.
> PROVIDED AND/OR DISCOVERED BY:
> 1) The vendor credits Gerhard Wagner.
> ORIGINAL ADVISORY:
> OTHER REFERENCES: