OpenPKG Security Advisory
OpenPKG-SA-2002.001
Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2002.001 Advisory Type: OpenPKG Security Advisory (SA) Advisory Directory: http://openpkg.com/go/OpenPKG-SA Advisory Document: http://openpkg.com/go/OpenPKG-SA-2002.001 Advisory Published: 2008-10-11 12:17 UTC Issue Id (internal): OpenPKG-SI-20020228.01 Issue First Created: 2002-02-28 Issue Last Modified: 2006-11-28 Issue Revision: 05
Subject Name: PHP Subject Summary: Personal HomePage (PHP) Subject Home: http://www.php.net/ Subject Versions: * <= 4.0.6 Vulnerability Id: none Vulnerability Scope: global (not OpenPKG specific) Attack Feasibility: run-time Attack Vector: remote network Attack Impact: privilege escalation Description: According to an e-matters Security Advisory [5] and the PHP Team [6], Stefan Esser <s.esser@ematters.de>, also a member of the PHP team, found several flaws in the way PHP handles multipart/form-data HTTP POST requests (as described in RFC1867), known as POST file uploads. Each of the flaws could allow an attacker to execute arbitrary code on the victim's system. References: [1] http://www.openpkg.org/security.html#signature [2] http://www.openpkg.org/tutorial.html#regular-source [3] ftp://ftp.openpkg.org/release/1.0/UPD/ [4] ftp://ftp.openpkg.org/release/1.0/UPD/php-4.0.6-1.0.1.src.rpm [5] http://security.e-matters.de/advisories/012002.html [6] http://www.php.net/distributions/rfc1867.c.diff-4.0.6.gz
Primary Package Name: php Primary Package Home: http://openpkg.org/go/package/php Affected Distribution: Affected Branch: Affected Package: OpenPKG Community 1.0-SOLID php-4.0.6-1.0.0 Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Community 1.0-SOLID php-4.0.6-1.0.1
