<<< Date Index >>>     <<< Thread Index >>>

[OpenPKG-SA-2005.027] OpenPKG Security Advisory (php)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory                            The OpenPKG Project
http://www.openpkg.org/security.html              http://www.openpkg.org
openpkg-security@xxxxxxxxxxx                         openpkg@xxxxxxxxxxx
OpenPKG-SA-2005.027                                          03-Dec-2005
________________________________________________________________________

Package:             php
Vulnerability:       multiple ones
OpenPKG Specific:    no

Affected Releases:   Affected Packages:      Corrected Packages:
OpenPKG CURRENT      <= php-4.4.0-20051004   >= php-4.4.1-20051031
OpenPKG 2.5          <= php-4.4.0-2.5.1      >= php-4.4.0-2.5.2
                     <= apache-1.3.33-2.5.3  >= apache-1.3.33-2.5.4
OpenPKG 2.4          <= php-4.3.11-2.4.1     >= php-4.3.11-2.4.2
                     <= apache-1.3.33-2.4.3  >= apache-1.3.33-2.4.4
OpenPKG 2.3          <= php-4.3.10-2.3.3     >= php-4.3.10-2.3.4
                     <= apache-1.3.33-2.3.5  >= apache-1.3.33-2.3.6

Description:
  Multiple vulnerabilities were recently found in the PHP [1] web
  scripting language:

  1. The "exif_read_data" function in the EXIF module in PHP before
  4.4.1 allows remote attackers to cause a Denial of Service (DoS)
  through an infinite recursion via a malformed JPEG image. The
  Common Vulnerabilities and Exposures (CVE) project assigned the id
  CVE-2005-3353 [2] to the problem.

  2. A Cross-Site Scripting (XSS) vulnerability in the "phpinfo"
  function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote
  attackers to inject arbitrary web script or HTML via a crafted URL
  with a "stacked array assignment". The Common Vulnerabilities and
  Exposures (CVE) project assigned the id CVE-2005-3388 [3] to the
  problem.

  3. The "parse_str" function in PHP 4.x up to 4.4.0 and 5.x up to
  5.0.5, when called with only one parameter, allows remote attackers
  to enable the "register_globals" directive via inputs that cause a
  request to be terminated due to the "memory_limit" setting, which
  causes PHP to set an internal flag that enables "register_globals" and
  allows attackers to exploit vulnerabilities in PHP applications that
  would otherwise be protected. The Common Vulnerabilities and Exposures
  (CVE) project assigned the id CVE-2005-3389 [4] to the problem.

  4. The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up
  to 5.0.5, when "register_globals" is enabled, allows remote attackers
  to modify the "GLOBALS" array and bypass security protections of PHP
  applications via a "multipart/form-data" POST request with a "GLOBALS"
  "fileupload" field. The Common Vulnerabilities and Exposures (CVE)
  project assigned the id CVE-2005-3390 [5] to the problem.

  5. Multiple vulnerabilities in PHP before 4.4.1 allow remote
  attackers to bypass "safe_mode" and "open_basedir" restrictions
  via unknown attack vectors in the "curl" and "gd" extensions. The
  Common Vulnerabilities and Exposures (CVE) project assigned the id
  CVE-2005-3391 [6] to the problem.

  6. The additionally discovered issue CVE-2005-3392 doesn't affect PHP
  under the OpenPKG platforms.
________________________________________________________________________

References:
  [1] http://www.php.net/
  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3353
  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3388 
  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3389 
  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3390
  [6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3391
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg@xxxxxxxxxxx>" (ID 63C4CB9F) of the
OpenPKG project which you can retrieve from http://pgp.openpkg.org and
hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/
for details on how to verify the integrity of this advisory.
________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg@xxxxxxxxxxx>

iD8DBQFDkeIjgHWT4GPEy58RAr0kAKDI3vR3w7KhCg2iQ5h9au1LiYv2ogCdF4c7
IgeVMyxYVnQdAh6vmLP1kJE=
=hdmj
-----END PGP SIGNATURE-----