OpenPKG Security Advisory
OpenPKG-SA-2005.027
Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2005.027 Advisory Type: OpenPKG Security Advisory (SA) Advisory Directory: http://openpkg.com/go/OpenPKG-SA Advisory Document: http://openpkg.com/go/OpenPKG-SA-2005.027 Advisory Published: 2008-10-06 22:57 UTC Issue Id (internal): OpenPKG-SI-20051203.04 Issue First Created: 2005-12-03 Issue Last Modified: 2006-11-29 Issue Revision: 08
Subject Name: PHP Subject Summary: Personal HomePage (PHP) Subject Home: http://www.php.net/ Subject Versions: * <= 4.4.0 Vulnerability Id: CVE-2005-3353, CVE-2005-3388, CVE-2005-3389, CVE-2005-3390, CVE-2005-3391 Vulnerability Scope: global (not OpenPKG specific) Attack Feasibility: run-time Attack Vector: remote network Attack Impact: identity fraud, denial of service, exposure of sensitive information, manipulation of data, privilege escalation, arbitrary code execution Description: Multiple vulnerabilities were recently found in the PHP [1] web scripting language: 1. The "exif_read_data" function in the EXIF module in PHP before 4.4.1 allows remote attackers to cause a Denial of Service (DoS) through an infinite recursion via a malformed JPEG image. CVE-2005-3353 2. A Cross-Site Scripting (XSS) vulnerability in the "phpinfo" function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment". CVE-2005-3388 3. The "parse_str" function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the "register_globals" directive via inputs that cause a request to be terminated due to the "memory_limit" setting, which causes PHP to set an internal flag that enables "register_globals" and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected. CVE-2005-3389 4. The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when "register_globals" is enabled, allows remote attackers to modify the "GLOBALS" array and bypass security protections of PHP applications via a "multipart/form-data" POST request with a "GLOBALS" "fileupload" field. CVE-2005-3390 5. Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass "safe_mode" and "open_basedir" restrictions via unknown attack vectors in the "curl" and "gd" extensions. CVE-2005-3391 6. The additionally discovered issue CVE-2005-3392 doesn't affect PHP under the OpenPKG platforms. References: [1] http://www.php.net/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3353 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3388 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3389 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3390 [6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3391
Primary Package Name: php Primary Package Home: http://openpkg.org/go/package/php Affected Distribution: Affected Branch: Affected Package: OpenPKG Community 2.3-SOLID apache-1.3.33-2.3.5 OpenPKG Community 2.3-SOLID php-4.3.10-2.3.3 OpenPKG Community 2.4-SOLID apache-1.3.33-2.4.3 OpenPKG Community 2.4-SOLID php-4.3.11-2.4.1 OpenPKG Community 2.5-SOLID apache-1.3.33-2.5.3 OpenPKG Community 2.5-SOLID php-4.4.0-2.5.1 OpenPKG Community CURRENT php-4.4.0-20051004 Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Community 2.3-SOLID apache-1.3.33-2.3.6 OpenPKG Community 2.3-SOLID php-4.3.10-2.3.4 OpenPKG Community 2.4-SOLID apache-1.3.33-2.4.4 OpenPKG Community 2.4-SOLID php-4.3.11-2.4.2 OpenPKG Community 2.5-SOLID apache-1.3.33-2.5.4 OpenPKG Community 2.5-SOLID php-4.4.0-2.5.2 OpenPKG Community CURRENT php-4.4.1-20051031
