[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Fw: PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and4.2.1
- Subject: [cobalt-security] Fw: PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and4.2.1
- From: "Fragga" <fragga@xxxxxxxxxxxx>
- Date: Mon, 22 Jul 2002 08:53:35 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
if your interested.
fragga
----- Original Message -----
From: "Marko Karppinen" <markonen@xxxxxxx>
To: <bugtraq@xxxxxxxxxxxxxxxxx>
Sent: Monday, July 22, 2002 5:59 AM
Subject: PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and4.2.1
>
> PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
>
>
> Issued on: July 22, 2002
> Software: PHP versions 4.2.0 and 4.2.1
> Platforms: All
>
>
> The PHP Group has learned of a serious security vulnerability in PHP
> versions 4.2.0 and 4.2.1. An intruder may be able to execute arbitrary
> code with the privileges of the web server. This vulnerability may be
> exploited to compromise the web server and, under certain conditions,
> to gain privileged access.
>
>
> Description
>
> PHP contains code for intelligently parsing the headers of HTTP POST
> requests. The code is used to differentiate between variables and files
> sent by the user agent in a "multipart/form-data" request. This parser
> has insufficient input checking, leading to the vulnerability.
>
> The vulnerability is exploitable by anyone who can send HTTP POST
> requests to an affected web server. Both local and remote users, even
> from behind firewalls, may be able to gain privileged access.
>
>
> Impact
>
> Both local and remote users may exploit this vulnerability to
compromise
> the web server and, under certain conditions, to gain privileged
access.
> So far only the IA32 platform has been verified to be safe from the
> execution of arbitrary code. The vulnerability can still be used on
IA32
> to crash PHP and, in most cases, the web server.
>
>
> Solution
>
> The PHP Group has released a new PHP version, 4.2.2, which incorporates
> a fix for the vulnerability. All users of affected PHP versions are
> encouraged to upgrade to this latest version. The downloads web site at
>
> http://www.php.net/downloads.php
>
> has the new 4.2.2 source tarballs, Windows binaries and source patches
> from 4.2.0 and 4.2.1 available for download.
>
>
> Workaround
>
> If the PHP applications on an affected web server do not rely on HTTP
> POST input from user agents, it is often possible to deny POST requests
> on the web server.
>
> In the Apache web server, for example, this is possible with the
> following code included in the main configuration file or a top-level
> .htaccess file:
>
> <Limit POST>
> Order deny,allow
> Deny from all
> </Limit>
>
> Note that an existing configuration and/or .htaccess file may have
> parameters contradicting the example given above.
>
>
> Credits
>
> The PHP Group would like to thank Stefan Esser of e-matters GmbH for
> discovering this vulnerability.
>
>
> Copyright (c) 2002 The PHP Group.
>
>