[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Fw: PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and4.2.1

Subject: [cobalt-security] Fw: PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and4.2.1
From: "Fragga" <fragga@xxxxxxxxxxxx>
Date: Mon, 22 Jul 2002 08:53:35 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

if your interested.

fragga

----- Original Message -----
From: "Marko Karppinen" <markonen@xxxxxxx>
To: <bugtraq@xxxxxxxxxxxxxxxxx>
Sent: Monday, July 22, 2002 5:59 AM
Subject: PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and4.2.1


>
>    PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
>
>
> Issued on: July 22, 2002
> Software:  PHP versions 4.2.0 and 4.2.1
> Platforms: All
>
>
>    The PHP Group has learned of a serious security vulnerability in PHP
>    versions 4.2.0 and 4.2.1. An intruder may be able to execute arbitrary
>    code with the privileges of the web server. This vulnerability may be
>    exploited to compromise the web server and, under certain conditions,
>    to gain privileged access.
>
>
> Description
>
>    PHP contains code for intelligently parsing the headers of HTTP POST
>    requests. The code is used to differentiate between variables and files
>    sent by the user agent in a "multipart/form-data" request. This parser
>    has insufficient input checking, leading to the vulnerability.
>
>    The vulnerability is exploitable by anyone who can send HTTP POST
>    requests to an affected web server. Both local and remote users, even
>    from behind firewalls, may be able to gain privileged access.
>
>
> Impact
>
>    Both local and remote users may exploit this vulnerability to
compromise
>    the web server and, under certain conditions, to gain privileged
access.
>    So far only the IA32 platform has been verified to be safe from the
>    execution of arbitrary code. The vulnerability can still be used on
IA32
>    to crash PHP and, in most cases, the web server.
>
>
> Solution
>
>    The PHP Group has released a new PHP version, 4.2.2, which incorporates
>    a fix for the vulnerability. All users of affected PHP versions are
>    encouraged to upgrade to this latest version. The downloads web site at
>
>       http://www.php.net/downloads.php
>
>    has the new 4.2.2 source tarballs, Windows binaries and source patches
>    from 4.2.0 and 4.2.1 available for download.
>
>
> Workaround
>
>    If the PHP applications on an affected web server do not rely on HTTP
>    POST input from user agents, it is often possible to deny POST requests
>    on the web server.
>
>    In the Apache web server, for example, this is possible with the
>    following code included in the main configuration file or a top-level
>    .htaccess file:
>
>       <Limit POST>
>           Order deny,allow
>           Deny from all
>       </Limit>
>
>    Note that an existing configuration and/or .htaccess file may have
>    parameters contradicting the example given above.
>
>
> Credits
>
>    The PHP Group would like to thank Stefan Esser of e-matters GmbH for
>    discovering this vulnerability.
>
>
> Copyright (c) 2002 The PHP Group.
>
>

Prev by Date: Re: [cobalt-security] Qube 3 Squid runs as Open Relay Proxy by default
Next by Date: [cobalt-security] RaQ3 Apache 1.3.26
Previous by thread: Re: [cobalt-security] Qube 3 Squid runs as Open Relay Proxy by default
Next by thread: [cobalt-security] RaQ3 Apache 1.3.26

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index