[USN-99-1] PHP4 vulnerabilities

To: ubuntu-security-announce@xxxxxxxxxxxxxxxx
Subject: [USN-99-1] PHP4 vulnerabilities
From: Martin Pitt <martin.pitt@xxxxxxxxxxxxx>
Date: Fri, 18 Mar 2005 15:22:28 +0100
Cc: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Mutt/1.5.6+20040907i
===========================================================
Ubuntu Security Notice USN-99-1              March 18, 2005
php4 vulnerabilities
CAN-2004-1018, CAN-2004-1063, CAN-2004-1064
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libapache2-mod-php4
php4-cgi

The problem can be corrected by upgrading the affected package to
version 4:4.3.8-3ubuntu7.5.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Stefano Di Paola discovered integer overflows in PHP's pack() and
unpack() functions. A malicious PHP script could exploit these to
break out of safe mode and execute arbitrary code with the privileges
of the PHP interpreter. (CAN-2004-1018)

Note: The second part of CAN-2004-1018 (buffer overflow in the
shmop_write() function) was already fixed in USN-66-1.

Stefan Esser discovered two safe mode bypasses which allowed malicious
PHP scripts to circumvent path restrictions. This was possible by
either using virtual_popen() with a current directory containing shell
metacharacters (CAN-2004-1063) or creating a specially crafted
directory whose length exceeded the capacity of the realpath()
function (CAN-2004-1064).

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.5.diff.gz
      Size/MD5:   613179 4d3220fdf142ea4452d63b5b43a6f4e6
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.5.dsc
      Size/MD5:     1624 8f446c2c0955eaea56216d88e36d5497
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8.orig.tar.gz
      Size/MD5:  4832570 dd69f8c89281f088eadf4ade3dbd39ee

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-dev_4.3.8-3ubuntu7.5_all.deb
      Size/MD5:   331892 979ce58b4a015422260867e593519cff
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-pear_4.3.8-3ubuntu7.5_all.deb
      Size/MD5:    89336 6a2e16d473d1de97d52755a1ddae77df

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.5_amd64.deb
      Size/MD5:  1688216 e64c541115ecda5eea3c85b0f062d22d
    
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.5_amd64.deb
      Size/MD5:  3197308 e3c7a9349bf7a04d0307a83bd920c5c4
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.5_amd64.deb
      Size/MD5:    17286 faa85f567ff400564c117c59b5babe3b
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.5_amd64.deb
      Size/MD5:    40430 69501c96def30bd38769dcf7fcd6eb27
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.5_amd64.deb
      Size/MD5:    33490 b930a1cebaa93630e3a549075be7b67e
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.5_amd64.deb
      Size/MD5:    21232 5769905c83001d4d165a2a82a72826ae
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.5_amd64.deb
      Size/MD5:    18406 2b5ffcb4d7a3e02c9b81d99f8bfee6ba
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.5_amd64.deb
      Size/MD5:     7992 10a13e81ceaff20dc4d5efac30e2a486
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.5_amd64.deb
      Size/MD5:    23106 e435d0905882d980bea64b85b84ff014
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.5_amd64.deb
      Size/MD5:    28322 00f257d6dba08df74350873b6e1709ce
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.5_amd64.deb
      Size/MD5:     7618 bf717cde4c85379c45b7d0518545d5a3
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.5_amd64.deb
      Size/MD5:    12970 e385f9b9eb1717acac5ccfdccda4c590
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.5_amd64.deb
      Size/MD5:    21498 7b7bf6fdc33cfdd0c637459aedc49121
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.5_amd64.deb
      Size/MD5:    17246 fc4bf834225eecee09fe087596beede3
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.5_amd64.deb
      Size/MD5:  1704376 39926df0c6ebc4839a4c950cdea80e21

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.5_i386.deb
      Size/MD5:  1630396 1086838fbd5631524e4d1812312a3d24
    
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.5_i386.deb
      Size/MD5:  3043776 3d09d579e2ec489eef002408e5955aa2
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.5_i386.deb
      Size/MD5:    16858 773be934d2f6ccc78633b4d6b5eb8d96
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.5_i386.deb
      Size/MD5:    35558 5b31c650f982128e3cda90b7feca06da
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.5_i386.deb
      Size/MD5:    31062 98c989bd796931f320aaa948965fddbb
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.5_i386.deb
      Size/MD5:    19474 95a3bd09fb5dae2a0db345f7cfe93ed4
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.5_i386.deb
      Size/MD5:    17044 7e145ce46f1899ca198cf9013255a0a9
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.5_i386.deb
      Size/MD5:     7738 e9267a6e8414576a87a626536d4babdf
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.5_i386.deb
      Size/MD5:    20904 5b26b94d7d43960126bbf608f32057b5
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.5_i386.deb
      Size/MD5:    26066 8e1fb222a468ed17514aa555cd46a2f0
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.5_i386.deb
      Size/MD5:     7366 b5ac4f6072f7d64fd01335987cbbda45
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.5_i386.deb
      Size/MD5:    12318 b9ce2a6d16379822d53447ff18ea8e2f
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.5_i386.deb
      Size/MD5:    20012 7c36e00fe43456d0417f7b6235483623
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.5_i386.deb
      Size/MD5:    15876 59b8feac4af347302ed527d36609f369
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.5_i386.deb
      Size/MD5:  1645060 2c9f34ab1d402b319e069d089ffa7875

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.5_powerpc.deb
      Size/MD5:  1690268 4c47e5797f742e69dc6839e31b69e181
    
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.5_powerpc.deb
      Size/MD5:  3203256 21585ecca8f9805d3bf4ccbe508ad482
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.5_powerpc.deb
      Size/MD5:    19110 042cda097407ec76232cc8d672f1c1ca
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.5_powerpc.deb
      Size/MD5:    38282 8f6adf4576340c7b4bd78b46bbcd4167
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.5_powerpc.deb
      Size/MD5:    34008 e9585d3e01afdaa4b7afe64f1e88c1a3
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.5_powerpc.deb
      Size/MD5:    21474 6ca70e134438cc249eb200d295832116
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.5_powerpc.deb
      Size/MD5:    19304 1905b529e355fc15cca77585627aeaab
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.5_powerpc.deb
      Size/MD5:     9326 70eee9f85d8c8acaddd0659d576eb271
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.5_powerpc.deb
      Size/MD5:    22690 4da53be0826249c7141ac58752ebe45a
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.5_powerpc.deb
      Size/MD5:    28404 912be09d3247d60e9d83a4bf31009a1e
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.5_powerpc.deb
      Size/MD5:     9008 b1bf15d490ebf266d2ce25f4f7f7a59a
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.5_powerpc.deb
      Size/MD5:    14326 5f5248d3f08d054aa5d833e3bb06fa25
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.5_powerpc.deb
      Size/MD5:    22198 79ecda1201c7c9a5ad7d708859f48dca
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.5_powerpc.deb
      Size/MD5:    18062 8ec53737f729a13487c213d2cf7a62f3
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.5_powerpc.deb
      Size/MD5:  1707730 cdb0f8872816ad3cacbd48368dec273f
Attachment: signature.asc
Description: Digital signature
Prev by Date: Social Engineering: You Have Been A Victim
Next by Date: runcms installation path
Previous by thread: Re: [Full-disclosure] Social Engineering: You Have Been A Victim
Next by thread: runcms installation path
Index(es):
- Date
- Thread