[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Redhat : Vulnerability in php



---------------------------------------------------------------------
                                           Red Hat, Inc. Red Hat Security Advisory

                        Synopsis:          Updated PHP packages are available [updated 2002-Mar-11]
                        Advisory ID:       RHSA-2002:035-18
                        Issue date:        2002-02-27
                        Updated on:        2002-03-21
                        Product:           Red Hat Linux
                        Keywords:          PHP remote exploit mulitpart MIME
                        Cross references:
                        Obsoletes:         RHSA-2000:088 RHSA-2000:136
                        ---------------------------------------------------------------------

                        1. Topic:

                        Updated PHP packages are available to fix vulnerabilities in the functions
                        that parse multipart MIME data, which are used when uploading files
                        through forms.

                        This revised advisory contains updated packages for Red Hat Linux 7, 7.1,
                        and 7.2.

                        2. Relevant releases/architectures:

                        Red Hat Linux 6.2 - alpha, i386, sparc

                        Red Hat Linux 7.0 - alpha, i386

                        Red Hat Linux 7.1 - alpha, i386, ia64

                        Red Hat Linux 7.2 - i386, ia64, s390

                        3. Problem description:

                        PHP is an HTML-embeddable scripting language.  A number of flaws have been
                        found in the way PHP handles multipart/form-data POST requests.  Each of
                        these flaws could allow an attacker to execute arbitrary code on the remote
                        system.

                        PHP 3.10-3.18 contains a broken boundary check (hard to exploit) and an
                        arbitrary heap overflow (easy to exploit).  These versions of PHP were
                        shipped with Red Hat Linux 6.2.

                        PHP 4.0.1-4.0.3pl1 contains a broken boundary check (hard to exploit) and a
                        heap-off-by-one (easy to exploit).  These versions of PHP were shipped with
                        Red Hat Linux 7.0.

                        PHP 4.0.2-4.0.5 contains two broken boundary checks (one very easy and one
                        hard to exploit).  These versions of PHP were shipped with Red Hat Linux
                        7.1 and as erratas to 7.0.

                        PHP 4.0.6-4.0.7RC2 contains a broken boundary check (very easy to exploit).
                        These versions of PHP were shipped with Red Hat Linux 7.2

                        The Common Vulnerabilities and Exposures project (cve.mitre.org) has
                        assigned the name CAN-2002-0081 to this issue.

                        If you are running PHP 4.0.3 or above, one way to work around these bugs is
                        to disable the fileupload support within your php.ini file (by setting
                        file_uploads = Off).

                        All users of PHP are advised to immediately upgrade to these errata
                        packages which close these vulnerabilities.

                        A previous version of this erratum included a version of the MySQL
                        extension which was compiled with an incorrect default pathname for the
                        socket used to connect to database servers residing on the local host.

                        This setting corresponds to the mysql.default_socket setting in the
                        /etc/php.ini file, and can also be corrected there.

                        4. Solution:

                        Before applying this update, make sure all previously released errata
                        relevant to your system have been applied.

                        To update all RPMs for your particular architecture, run:

                        rpm -Fvh [filenames]

                        where [filenames] is a list of the RPMs you wish to upgrade.  Only those
                        RPMs which are currently installed will be updated.  Those RPMs which are
                        not installed but included in the list will not be updated.  Note that you
                        can also use wildcards (*.rpm) if your current directory *only* contains
                        the
                        desired RPMs.

                        Please note that this update is also available via Red Hat Network.  Many
                        people find this an easier way to apply updates.  To use Red Hat Network,
                        launch the Red Hat Update Agent with the following command:

                        up2date

                        This will start an interactive process that will result in the appropriate
                        RPMs being upgraded on your system.

                        After applying these updates you will need to restart your web server if it
                        was running before the update was applied.

                        5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):



                        6. RPMs required:

                        Red Hat Linux 6.2:

                        SRPMS:
                        ftp://updates.redhat.com/6.2/en/os/SRPMS/php-3.0.18-8.src.rpm

                        alpha:
                        ftp://updates.redhat.com/6.2/en/os/alpha/php-3.0.18-8.alpha.rpm
                        ftp://updates.redhat.com/6.2/en/os/alpha/php-manual-3.0.18-8.alpha.rpm
                        ftp://updates.redhat.com/6.2/en/os/alpha/php-pgsql-3.0.18-8.alpha.rpm
                        ftp://updates.redhat.com/6.2/en/os/alpha/php-imap-3.0.18-8.alpha.rpm
                        ftp://updates.redhat.com/6.2/en/os/alpha/php-ldap-3.0.18-8.alpha.rpm

                        i386:
                        ftp://updates.redhat.com/6.2/en/os/i386/php-3.0.18-8.i386.rpm
                        ftp://updates.redhat.com/6.2/en/os/i386/php-manual-3.0.18-8.i386.rpm
                        ftp://updates.redhat.com/6.2/en/os/i386/php-pgsql-3.0.18-8.i386.rpm
                        ftp://updates.redhat.com/6.2/en/os/i386/php-imap-3.0.18-8.i386.rpm
                        ftp://updates.redhat.com/6.2/en/os/i386/php-ldap-3.0.18-8.i386.rpm

                        sparc:
                        ftp://updates.redhat.com/6.2/en/os/sparc/php-3.0.18-8.sparc.rpm
                        ftp://updates.redhat.com/6.2/en/os/sparc/php-manual-3.0.18-8.sparc.rpm
                        ftp://updates.redhat.com/6.2/en/os/sparc/php-pgsql-3.0.18-8.sparc.rpm
                        ftp://updates.redhat.com/6.2/en/os/sparc/php-imap-3.0.18-8.sparc.rpm
                        ftp://updates.redhat.com/6.2/en/os/sparc/php-ldap-3.0.18-8.sparc.rpm

                        Red Hat Linux 7.0:

                        SRPMS:
                        ftp://updates.redhat.com/7.0/en/os/SRPMS/php-4.0.6-13.src.rpm

                        alpha:
                        ftp://updates.redhat.com/7.0/en/os/alpha/php-4.0.6-13.alpha.rpm
                        ftp://updates.redhat.com/7.0/en/os/alpha/php-devel-4.0.6-13.alpha.rpm
                        ftp://updates.redhat.com/7.0/en/os/alpha/php-imap-4.0.6-13.alpha.rpm
                        ftp://updates.redhat.com/7.0/en/os/alpha/php-ldap-4.0.6-13.alpha.rpm
                        ftp://updates.redhat.com/7.0/en/os/alpha/php-manual-4.0.6-13.alpha.rpm
                        ftp://updates.redhat.com/7.0/en/os/alpha/php-mysql-4.0.6-13.alpha.rpm
                        ftp://updates.redhat.com/7.0/en/os/alpha/php-odbc-4.0.6-13.alpha.rpm
                        ftp://updates.redhat.com/7.0/en/os/alpha/php-pgsql-4.0.6-13.alpha.rpm

                        i386:
                        ftp://updates.redhat.com/7.0/en/os/i386/php-4.0.6-13.i386.rpm
                        ftp://updates.redhat.com/7.0/en/os/i386/php-devel-4.0.6-13.i386.rpm
                        ftp://updates.redhat.com/7.0/en/os/i386/php-imap-4.0.6-13.i386.rpm
                        ftp://updates.redhat.com/7.0/en/os/i386/php-ldap-4.0.6-13.i386.rpm
                        ftp://updates.redhat.com/7.0/en/os/i386/php-manual-4.0.6-13.i386.rpm
                        ftp://updates.redhat.com/7.0/en/os/i386/php-mysql-4.0.6-13.i386.rpm
                        ftp://updates.redhat.com/7.0/en/os/i386/php-odbc-4.0.6-13.i386.rpm
                        ftp://updates.redhat.com/7.0/en/os/i386/php-pgsql-4.0.6-13.i386.rpm

                        Red Hat Linux 7.1:

                        SRPMS:
                        ftp://updates.redhat.com/7.1/en/os/SRPMS/php-4.0.6-14.src.rpm

                        alpha:
                        ftp://updates.redhat.com/7.1/en/os/alpha/php-4.0.6-14.alpha.rpm
                        ftp://updates.redhat.com/7.1/en/os/alpha/php-devel-4.0.6-14.alpha.rpm
                        ftp://updates.redhat.com/7.1/en/os/alpha/php-imap-4.0.6-14.alpha.rpm
                        ftp://updates.redhat.com/7.1/en/os/alpha/php-ldap-4.0.6-14.alpha.rpm
                        ftp://updates.redhat.com/7.1/en/os/alpha/php-manual-4.0.6-14.alpha.rpm
                        ftp://updates.redhat.com/7.1/en/os/alpha/php-mysql-4.0.6-14.alpha.rpm
                        ftp://updates.redhat.com/7.1/en/os/alpha/php-odbc-4.0.6-14.alpha.rpm
                        ftp://updates.redhat.com/7.1/en/os/alpha/php-pgsql-4.0.6-14.alpha.rpm

                        i386:
                        ftp://updates.redhat.com/7.1/en/os/i386/php-4.0.6-14.i386.rpm
                        ftp://updates.redhat.com/7.1/en/os/i386/php-devel-4.0.6-14.i386.rpm
                        ftp://updates.redhat.com/7.1/en/os/i386/php-imap-4.0.6-14.i386.rpm
                        ftp://updates.redhat.com/7.1/en/os/i386/php-ldap-4.0.6-14.i386.rpm
                        ftp://updates.redhat.com/7.1/en/os/i386/php-manual-4.0.6-14.i386.rpm
                        ftp://updates.redhat.com/7.1/en/os/i386/php-mysql-4.0.6-14.i386.rpm
                        ftp://updates.redhat.com/7.1/en/os/i386/php-odbc-4.0.6-14.i386.rpm
                        ftp://updates.redhat.com/7.1/en/os/i386/php-pgsql-4.0.6-14.i386.rpm

                        ia64:
                        ftp://updates.redhat.com/7.1/en/os/ia64/php-4.0.6-14.ia64.rpm
                        ftp://updates.redhat.com/7.1/en/os/ia64/php-devel-4.0.6-14.ia64.rpm
                        ftp://updates.redhat.com/7.1/en/os/ia64/php-imap-4.0.6-14.ia64.rpm
                        ftp://updates.redhat.com/7.1/en/os/ia64/php-ldap-4.0.6-14.ia64.rpm
                        ftp://updates.redhat.com/7.1/en/os/ia64/php-manual-4.0.6-14.ia64.rpm
                        ftp://updates.redhat.com/7.1/en/os/ia64/php-mysql-4.0.6-14.ia64.rpm
                        ftp://updates.redhat.com/7.1/en/os/ia64/php-odbc-4.0.6-14.ia64.rpm
                        ftp://updates.redhat.com/7.1/en/os/ia64/php-pgsql-4.0.6-14.ia64.rpm

                        Red Hat Linux 7.2:

                        SRPMS:
                        ftp://updates.redhat.com/7.2/en/os/SRPMS/php-4.0.6-15.src.rpm

                        i386:
                        ftp://updates.redhat.com/7.2/en/os/i386/php-4.0.6-15.i386.rpm
                        ftp://updates.redhat.com/7.2/en/os/i386/php-devel-4.0.6-15.i386.rpm
                        ftp://updates.redhat.com/7.2/en/os/i386/php-imap-4.0.6-15.i386.rpm
                        ftp://updates.redhat.com/7.2/en/os/i386/php-ldap-4.0.6-15.i386.rpm
                        ftp://updates.redhat.com/7.2/en/os/i386/php-manual-4.0.6-15.i386.rpm
                        ftp://updates.redhat.com/7.2/en/os/i386/php-mysql-4.0.6-15.i386.rpm
                        ftp://updates.redhat.com/7.2/en/os/i386/php-odbc-4.0.6-15.i386.rpm
                        ftp://updates.redhat.com/7.2/en/os/i386/php-pgsql-4.0.6-15.i386.rpm

                        ia64:
                        ftp://updates.redhat.com/7.2/en/os/ia64/php-4.0.6-15.ia64.rpm
                        ftp://updates.redhat.com/7.2/en/os/ia64/php-devel-4.0.6-15.ia64.rpm
                        ftp://updates.redhat.com/7.2/en/os/ia64/php-imap-4.0.6-15.ia64.rpm
                        ftp://updates.redhat.com/7.2/en/os/ia64/php-ldap-4.0.6-15.ia64.rpm
                        ftp://updates.redhat.com/7.2/en/os/ia64/php-manual-4.0.6-15.ia64.rpm
                        ftp://updates.redhat.com/7.2/en/os/ia64/php-mysql-4.0.6-15.ia64.rpm
                        ftp://updates.redhat.com/7.2/en/os/ia64/php-odbc-4.0.6-15.ia64.rpm
                        ftp://updates.redhat.com/7.2/en/os/ia64/php-pgsql-4.0.6-15.ia64.rpm



                        7. Verification:

                        MD5 sum                          Package Name
                        --------------------------------------------------------------------------
                        f07b6317aee9ade09625a8166641edc7 6.2/en/os/SRPMS/php-3.0.18-8.src.rpm
                        c56a2c896756ce982e14b329ee122c97 6.2/en/os/alpha/php-3.0.18-8.alpha.rpm
                        1a14f54cf642e41b6474f7bd8d89b4b7 6.2/en/os/alpha/php-imap-3.0.18-8.alpha.rpm
                        90244d18f76ce2f254e946edcb28e4b9 6.2/en/os/alpha/php-ldap-3.0.18-8.alpha.rpm
                        7b05bacc07896a17866cbe73b9c37eba 6.2/en/os/alpha/php-manual-3.0.18-8.alpha.rpm
                        1266ab137b0fb24e7447683e9100c501 6.2/en/os/alpha/php-pgsql-3.0.18-8.alpha.rpm
                        f4219464571e14737e1e5e3d414ae5d2 6.2/en/os/i386/php-3.0.18-8.i386.rpm
                        9e4250f304c8832a0d0e99d98109f59c 6.2/en/os/i386/php-imap-3.0.18-8.i386.rpm
                        31630b40f901d1617cfe0fce4a2e14df 6.2/en/os/i386/php-ldap-3.0.18-8.i386.rpm
                        78ade58fa6517548264f21996bf799a3 6.2/en/os/i386/php-manual-3.0.18-8.i386.rpm
                        c4985d7263824fd4c837f997605afff2 6.2/en/os/i386/php-pgsql-3.0.18-8.i386.rpm
                        08e4722c97645d8bde860ff0b9dbb48c 6.2/en/os/sparc/php-3.0.18-8.sparc.rpm
                        17d9aaac1927e3dd631dfd26fd75e25e 6.2/en/os/sparc/php-imap-3.0.18-8.sparc.rpm
                        4f9a316f188315dddc6d2d7b3f643abc 6.2/en/os/sparc/php-ldap-3.0.18-8.sparc.rpm
                        f7783e877972c2cd4a8c91574fef4655 6.2/en/os/sparc/php-manual-3.0.18-8.sparc.rpm
                        b2ac8533b51b8a63db12cee2e334bc70 6.2/en/os/sparc/php-pgsql-3.0.18-8.sparc.rpm
                        bb29d69be271e9392ac5d7927bb5898b 7.0/en/os/SRPMS/php-4.0.6-13.src.rpm
                        0b712264f703cbeb1ec8bfd4aef472fc 7.0/en/os/alpha/php-4.0.6-13.alpha.rpm
                        6ad1e3760f43c0bc6565aeb0e3e893c4 7.0/en/os/alpha/php-devel-4.0.6-13.alpha.rpm
                        a591f97833ef17101dcdf4d3a83afca8 7.0/en/os/alpha/php-imap-4.0.6-13.alpha.rpm
                        71c2a9c5ac2110886a40fc95531bbc9b 7.0/en/os/alpha/php-ldap-4.0.6-13.alpha.rpm
                        0340411a93de40a1adf9399cf4250f98 7.0/en/os/alpha/php-manual-4.0.6-13.alpha.rpm
                        a867a755350bdb973ca9bb6715d8ee02 7.0/en/os/alpha/php-mysql-4.0.6-13.alpha.rpm
                        85f509ab6df2eeff3598ee83a00a4894 7.0/en/os/alpha/php-odbc-4.0.6-13.alpha.rpm
                        00181ed29d93b2b58b0b80898c15b4db 7.0/en/os/alpha/php-pgsql-4.0.6-13.alpha.rpm
                        af89043ea355c15f56b956851d0aa4d5 7.0/en/os/i386/php-4.0.6-13.i386.rpm
                        df120a36632bfefed5e8214c103153c8 7.0/en/os/i386/php-devel-4.0.6-13.i386.rpm
                        954c496e71a391754431e604fea27d3a 7.0/en/os/i386/php-imap-4.0.6-13.i386.rpm
                        fe6a47d82357ff4b2f2ecb3c4b5b9263 7.0/en/os/i386/php-ldap-4.0.6-13.i386.rpm
                        6494c2fe238beb90e8f5d374bef78b82 7.0/en/os/i386/php-manual-4.0.6-13.i386.rpm
                        c9756317b0164b5a9eb4e598233f6603 7.0/en/os/i386/php-mysql-4.0.6-13.i386.rpm
                        0d219a74f9a603faa6bec0d6cae404ff 7.0/en/os/i386/php-odbc-4.0.6-13.i386.rpm
                        b31f9833aa9de5fb146bd7b0d83d3447 7.0/en/os/i386/php-pgsql-4.0.6-13.i386.rpm
                        744b77f8a3cc55a27d4d60ab7981c535 7.1/en/os/SRPMS/php-4.0.6-14.src.rpm
                        c050178fb44e084ff22c5df45313e4c5 7.1/en/os/alpha/php-4.0.6-14.alpha.rpm
                        20aec96fa6f11d258e7341364c7267fe 7.1/en/os/alpha/php-devel-4.0.6-14.alpha.rpm
                        0efbcddd0fece2113f11b4d73ed8fe7d 7.1/en/os/alpha/php-imap-4.0.6-14.alpha.rpm
                        4c312b08af6779ec7d232f6d5ee48110 7.1/en/os/alpha/php-ldap-4.0.6-14.alpha.rpm
                        46847ebec323ce1eee75f94a5e211ff9 7.1/en/os/alpha/php-manual-4.0.6-14.alpha.rpm
                        59ef323131bed33623b9e1fba289ed2f 7.1/en/os/alpha/php-mysql-4.0.6-14.alpha.rpm
                        9fbcb899edc3541018ec122c40576ff5 7.1/en/os/alpha/php-odbc-4.0.6-14.alpha.rpm
                        e278989038dc0f87936569846aa293fc 7.1/en/os/alpha/php-pgsql-4.0.6-14.alpha.rpm
                        dc1140d7f7b18781d672e309dd7ca04b 7.1/en/os/i386/php-4.0.6-14.i386.rpm
                        fa4b579888995b6573e7a73804158f96 7.1/en/os/i386/php-devel-4.0.6-14.i386.rpm
                        1263d98ba75ec5ca1e65d48bd368379d 7.1/en/os/i386/php-imap-4.0.6-14.i386.rpm
                        74efc20c094b707be855dabaf2add1f4 7.1/en/os/i386/php-ldap-4.0.6-14.i386.rpm
                        cbc44ab6b2fc44a02494bf2471919961 7.1/en/os/i386/php-manual-4.0.6-14.i386.rpm
                        5d495b80a74f66322a47fd944966f279 7.1/en/os/i386/php-mysql-4.0.6-14.i386.rpm
                        b354335acc5b940d2f0e738fc4787be6 7.1/en/os/i386/php-odbc-4.0.6-14.i386.rpm
                        d077d9fa21dadb3c057678230b3074c0 7.1/en/os/i386/php-pgsql-4.0.6-14.i386.rpm
                        3228e983d9ddc1d489a842530b89d243 7.1/en/os/ia64/php-4.0.6-14.ia64.rpm
                        4833f11cffa29e2ddb875363e5b3f251 7.1/en/os/ia64/php-devel-4.0.6-14.ia64.rpm
                        47b48d59b575a9b575d611e0f172b7aa 7.1/en/os/ia64/php-imap-4.0.6-14.ia64.rpm
                        e4332a1b20a06ed9fb8f81fde2cc804b 7.1/en/os/ia64/php-ldap-4.0.6-14.ia64.rpm
                        6f7f723ee3f53ffca3f3d5ff45019b79 7.1/en/os/ia64/php-manual-4.0.6-14.ia64.rpm
                        3724f9d8d8f4d220346863a88de13d76 7.1/en/os/ia64/php-mysql-4.0.6-14.ia64.rpm
                        4b8f83a823e31ed823a3140a760483ff 7.1/en/os/ia64/php-odbc-4.0.6-14.ia64.rpm
                        3f3331675054fddb9da31bf86b0c5547 7.1/en/os/ia64/php-pgsql-4.0.6-14.ia64.rpm
                        66ecdcea3196a94160ce6cdbc2ddc4d6 7.2/en/os/SRPMS/php-4.0.6-15.src.rpm
                        39ba1ae47d084733ed62d13bdc2c94c7 7.2/en/os/i386/php-4.0.6-15.i386.rpm
                        78b159fdd343e51f94999702535b0ea7 7.2/en/os/i386/php-devel-4.0.6-15.i386.rpm
                        ee99d2eef98e265a3bbf8f8a7560aae2 7.2/en/os/i386/php-imap-4.0.6-15.i386.rpm
                        71e442a419d01253b28e153bb8c0e14d 7.2/en/os/i386/php-ldap-4.0.6-15.i386.rpm
                        dfe7acedf564e7870ec6ae2a5ba35cea 7.2/en/os/i386/php-manual-4.0.6-15.i386.rpm
                        79c7dd197bd32308cd6fde471ab6ecf9 7.2/en/os/i386/php-mysql-4.0.6-15.i386.rpm
                        6f361675b3abdf2a0217e1060102b4d3 7.2/en/os/i386/php-odbc-4.0.6-15.i386.rpm
                        d4fed68c16d30a4bc8a810ffa1e38f47 7.2/en/os/i386/php-pgsql-4.0.6-15.i386.rpm
                        f4576c3f1337e53762cb5faa3f6c1d50 7.2/en/os/ia64/php-4.0.6-15.ia64.rpm
                        206f11bcc8a84d18b742f3e1200bf284 7.2/en/os/ia64/php-devel-4.0.6-15.ia64.rpm
                        68320556a17082261578fca3b7b8cb83 7.2/en/os/ia64/php-imap-4.0.6-15.ia64.rpm
                        dfe2bf8b9ed61589e43acf87d4d37c22 7.2/en/os/ia64/php-ldap-4.0.6-15.ia64.rpm
                        bf8af9aa9891e0491bd5e4e3d22ae821 7.2/en/os/ia64/php-manual-4.0.6-15.ia64.rpm
                        971ba2e0d2fdec91d80bb7337a7f7b9f 7.2/en/os/ia64/php-mysql-4.0.6-15.ia64.rpm
                        d6f5e5077ba72d94a21479923382cfe4 7.2/en/os/ia64/php-odbc-4.0.6-15.ia64.rpm
                        9141daf011bb0bd53543214cb438bbc8 7.2/en/os/ia64/php-pgsql-4.0.6-15.ia64.rpm


                        These packages are GPG signed by Red Hat, Inc. for security.  Our key
                        is available at:
                            http://www.redhat.com/about/contact/pgpkey.html

                        You can verify each package with the following command:
                            rpm --checksig  

                        If you only wish to verify that each package has not been corrupted or
                        tampered with, examine only the md5sum with the following command:
                            rpm --checksig --nogpg 

                        8. References:

                        http://security.e-matters.de/advisories/012002.html
                        http://www.kb.cert.org/vuls/id/297363
                        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0081


                        Copyright(c) 2000, 2001, 2002 Red Hat, Inc.