[thelist] Multiple Vulnerabilities in PHP fileup - CERT advisory

Shirley Kaiser, SKDesigns skaiser1 at skdesigns.com
Thu Feb 28 09:25:15 CST 2002


Thought I'd pass along some info to you PHP folks that CERT dispatched
yesterday. This is just a snippet, and you can read the whole thing and
obtain more information from <http://www.cert.org/advisories/CA-2002-05.html>

 >>
CERT Advisory CA-2002-05 Multiple Vulnerabilities in PHP fileupload

    Original release date: February 27, 2002
    Last revised: --
    Source: CERT/CC

    A complete revision history can be found at the end of this file.

Systems Affected

      * Web servers running PHP

Overview

    Multiple vulnerabilities exist in the PHP scripting language. These
    vulnerabilities could allow a remote attacker to execute arbitrary
    code with the privileges of the PHP process.

I. Description

    PHP is a scripting language widely used in web development. PHP can be
    installed on a variety of web servers, including Apache, IIS, Caudium,
    Netscape and iPlanet, OmniHTTPd and others. Vulnerabilities in the
    php_mime_split function may allow an intruder to execute arbitrary
    code with the privileges of the web server. For additional details,
    see

      http://security.e-matters.de/advisories/012002.html

    Web servers that do not have PHP installed are not affected by this
    vulnerability.

    The CERT/CC is tracking this set of vulnerabilities as VU#297363. At
    this time, these vulnerabilities have not been assigned a CVE
    identifier.

II. Impact

    Intruders can execute arbitrary code with the privileges of the web
    server, or interrupt normal operations of the web server.

III. Solution

Apply a Patch

    Upgrade to PHP version 4.1.2, available from

      http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz

    If upgrading is not possible, apply patches as described at
    http://www.php.net/downloads.php:
    * For PHP 4.10/4.11
      http://www.php.net/do_download.php?download_file=rfc1867.c.diff-4.1.x.gz
    * For PHP 4.06
      http://www.php.net/do_download.php?download_file=rfc1867.c.diff-4.0.6.gz
    * For PHP 3.0
      http://www.php.net/do_download.php?download_file=mime.c.diff-3.0.gz

    If you are using version 4.20-dev, you are not affected by this
    vulnerability. Quoting from
    http://security.e-matters.de/advisories/012002.htm:

      "[U]sers running PHP 4.2.0-dev from cvs are not vulnerable to any
      of the described bugs because the fileupload code was completely
      rewritten for the 4.2.0 branch."


    This document is available from:
    http://www.cert.org/advisories/CA-2002-05.html
    <snip>
February 27, 2002:  Initial release

<<

--
Shirley E. Kaiser, M.A.,  SKDesigns  mailto:skaiser1 at skdesigns.com
Website Design, Development      http://www.skdesigns.com/
WebsiteTips: Design Resources  http://www.websitetips.com/
Brainstorms and Raves  http://www.brainstormsandraves.com/



