[thelist] Multiple Vulnerabilities in PHP fileup - CERT advisory
Shirley Kaiser, SKDesigns
skaiser1 at skdesigns.com
Thu Feb 28 09:25:15 CST 2002
Thought I'd pass along some info to you PHP folks that CERT dispatched
yesterday. This is just a snippet, and you can read the whole thing and
obtain more information from <http://www.cert.org/advisories/CA-2002-05.html>
>>
CERT Advisory CA-2002-05 Multiple Vulnerabilities in PHP fileupload

Original release date: February 27, 2002
Last revised: --
Source: CERT/CC

A complete revision history can be found at the end of this file.

Systems Affected

* Web servers running PHP

Overview

Multiple vulnerabilities exist in the PHP scripting language. These
vulnerabilities could allow a remote attacker to execute arbitrary
code with the privileges of the PHP process.

I. Description

PHP is a scripting language widely used in web development. PHP can be
installed on a variety of web servers, including Apache, IIS, Caudium,
Netscape and iPlanet, OmniHTTPd and others. Vulnerabilities in the
php_mime_split function may allow an intruder to execute arbitrary
code with the privileges of the web server. For additional details,
see
http://security.e-matters.de/advisories/012002.html

Web servers that do not have PHP installed are not affected by this
vulnerability.

The CERT/CC is tracking this set of vulnerabilities as VU#297363. At
this time, these vulnerabilities have not been assigned a CVE
identifier.

II. Impact

Intruders can execute arbitrary code with the privileges of the web
server, or interrupt normal operations of the web server.

III. Solution

Apply a Patch

Upgrade to PHP version 4.1.2, available from
http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz

If upgrading is not possible, apply patches as described at
http://www.php.net/downloads.php:

* For PHP 4.10/4.11
  http://www.php.net/do_download.php?download_file=rfc1867.c.diff-4.1.x.gz
* For PHP 4.06
  http://www.php.net/do_download.php?download_file=rfc1867.c.diff-4.0.6.gz
* For PHP 3.0
  http://www.php.net/do_download.php?download_file=mime.c.diff-3.0.gz

If you are using version 4.20-dev, you are not affected by this
vulnerability. Quoting from
http://security.e-matters.de/advisories/012002.htm:

"[U]sers running PHP 4.2.0-dev from cvs are not vulnerable to any
of the described bugs because the fileupload code was completely
rewritten for the 4.2.0 branch."

This document is available from:
http://www.cert.org/advisories/CA-2002-05.html

<snip>

February 27, 2002: Initial release
<<
--
Shirley E. Kaiser, M.A., SKDesigns mailto:skaiser1 at skdesigns.com
Website Design, Development http://www.skdesigns.com/
WebsiteTips: Design Resources http://www.websitetips.com/
Brainstorms and Raves http://www.brainstormsandraves.com/