Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[security-alerts] FW: [SA28318] PHP Multiple Vulnerabilities
>
> TITLE:
> PHP Multiple Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA28318
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/28318/
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> Unknown, Security Bypass
>
> WHERE:
> From remote
>
> SOFTWARE:
> PHP 4.4.x
> http://secunia.com/product/5768/
>
> DESCRIPTION:
> Some vulnerabilities have been reported in PHP, where some have
> unknown impact and others can be exploited by malicious users to
> bypass certain security restrictions.
>
> 1) An integer overflow error exists in the "chunk_split()" function.
>
> This may be related to vulnerability #1 in:
> SA25456
>
> 2) Integer overflow errors exists in the "strcspn()" and "strspn()"
> functions.
>
> 3) A regression error related to the "glob()" function exist, which
> can potentially be exploited to bypass the "open_basedir" directive.
>
> 4) An error exists within the handling of SQL queries containing
> "LOCAL INFILE" inside the MySQL extension. This can be exploited to
> bypass the "open_basedir" and "safe_mode" directives.
>
> This is related to vulnerability #5 in:
> SA26642
>
> 5) An error exists when processing "session_save_path" and
> "error_log" values, which can be exploited to bypass the
> "open_basedir" and "safe_mode" directives.
>
> The vulnerabilities are reported in versions prior to 4.4.8.
>
> SOLUTION:
> Update to version 4.4.8.
> http://www.php.net/downloads.php
>
> PROVIDED AND/OR DISCOVERED BY:
> 1) The vendor credits Gerhard Wagner.
>
> ORIGINAL ADVISORY:
> http://www.php.net/releases/4_4_8.php
>
> OTHER REFERENCES:
> SA25456:
> http://secunia.com/advisories/25456/
>
> SA26642:
> http://secunia.com/advisories/26642/
>
|
