OpenPKG Security Advisory
OpenPKG-SA-2003.032
Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2003.032 Advisory Type: OpenPKG Security Advisory (SA) Advisory Directory: http://openpkg.com/go/OpenPKG-SA Advisory Document: http://openpkg.com/go/OpenPKG-SA-2003.032 Advisory Published: 2009-07-04 12:44 UTC Issue Id (internal): OpenPKG-SI-20030707.01 Issue First Created: 2003-07-07 Issue Last Modified: 2006-11-29 Issue Revision: 09
Subject Name: PHP Subject Summary: Personal HomePage (PHP) Subject Home: http://www.php.net/ Subject Versions: * <= 4.3.1 Vulnerability Id: CVE-2002-0985, CVE-2002-0986, CVE-2003-0442 Vulnerability Scope: global (not OpenPKG specific) Attack Feasibility: run-time Attack Vector: remote network Attack Impact: identity fraud, privilege escalation Description: A security advisory [3] states that in PHP [1] version 4.3.1 (but we at OpenPKG believe 4.2.x) and earlier, when transparent session ID support is enabled using the "session.use_trans_sid" option, the session ID is not escaped before use, which allows remote attackers to insert arbitrary script via the PHPSESSID parameter. Additionally, Wojciech Purczynski some time ago found out [2] that it is possible to allow remote attackers to by-pass "safe mode" restrictions in PHP [1] 4.x to 4.2.2 and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands. CVE-2002-0985 Wojciech Purczynski also reported [2] that the mail function in PHP [1] 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy." CVE-2002-0986 References: [1] http://www.php.net/ [2] http://isec.pl/vulnerabilities/0005.txt [3] http://shh.thathost.com/secadv/2003-05-11-php.txt [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0985 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0986 [6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0442 [7] http://www.openpkg.org/tutorial.html#regular-source [8] http://www.openpkg.org/tutorial.html#regular-binary [9] ftp://ftp.openpkg.org/release/1.1/UPD/php-4.2.2-1.1.2.src.rpm [10] ftp://ftp.openpkg.org/release/1.1/UPD/ [11] http://www.openpkg.org/security.html#signature
Primary Package Name: php Primary Package Home: http://openpkg.org/go/package/php Affected Distribution: Affected Branch: Affected Package: OpenPKG Community 1.1-SOLID apache-1.3.26-1.1.4 OpenPKG Community 1.1-SOLID php-4.2.2-1.1.1 OpenPKG Community 1.2-SOLID n/a OpenPKG Community 1.2-SOLID n/a OpenPKG Community CURRENT apache-1.3.27-20030516 OpenPKG Community CURRENT php-4.3.1-20030516 Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Community 1.1-SOLID apache-1.3.26-1.1.5 OpenPKG Community 1.1-SOLID php-4.2.2-1.1.2 OpenPKG Community 1.2-SOLID n/a OpenPKG Community 1.2-SOLID n/a OpenPKG Community CURRENT apache-1.3.27-20030529 OpenPKG Community CURRENT php-4.3.2-20030529
