[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Fw: PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and4.2.1
- Subject: Re: [cobalt-users] Fw: PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and4.2.1
- From: "Mike Sisson" <msisson@xxxxxxx>
- Date: Wed Jul 24 17:08:01 2002
- Organization: Visionary Communications, Inc.
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Is the vulnerability only present in 4.2.0 and 4.2.1 ?
is 4.1.2 safe ?
----- Original Message -----
From: "Fragga" <fragga@xxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Cc: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Monday, July 22, 2002 7:53 AM
Subject: [cobalt-users] Fw: PHP Security Advisory: Vulnerability in PHP
versions 4.2.0 and4.2.1
> if your interested.
>
> fragga
>
> ----- Original Message -----
> From: "Marko Karppinen" <markonen@xxxxxxx>
> To: <bugtraq@xxxxxxxxxxxxxxxxx>
> Sent: Monday, July 22, 2002 5:59 AM
> Subject: PHP Security Advisory: Vulnerability in PHP versions 4.2.0
and4.2.1
>
>
> >
> > PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
> >
> >
> > Issued on: July 22, 2002
> > Software: PHP versions 4.2.0 and 4.2.1
> > Platforms: All
> >
> >
> > The PHP Group has learned of a serious security vulnerability in PHP
> > versions 4.2.0 and 4.2.1. An intruder may be able to execute
arbitrary
> > code with the privileges of the web server. This vulnerability may be
> > exploited to compromise the web server and, under certain conditions,
> > to gain privileged access.
> >
> >
> > Description
> >
> > PHP contains code for intelligently parsing the headers of HTTP POST
> > requests. The code is used to differentiate between variables and
files
> > sent by the user agent in a "multipart/form-data" request. This
parser
> > has insufficient input checking, leading to the vulnerability.
> >
> > The vulnerability is exploitable by anyone who can send HTTP POST
> > requests to an affected web server. Both local and remote users, even
> > from behind firewalls, may be able to gain privileged access.
> >
> >
> > Impact
> >
> > Both local and remote users may exploit this vulnerability to
> compromise
> > the web server and, under certain conditions, to gain privileged
> access.
> > So far only the IA32 platform has been verified to be safe from the
> > execution of arbitrary code. The vulnerability can still be used on
> IA32
> > to crash PHP and, in most cases, the web server.
> >
> >
> > Solution
> >
> > The PHP Group has released a new PHP version, 4.2.2, which
incorporates
> > a fix for the vulnerability. All users of affected PHP versions are
> > encouraged to upgrade to this latest version. The downloads web site
at
> >
> > http://www.php.net/downloads.php
> >
> > has the new 4.2.2 source tarballs, Windows binaries and source
patches
> > from 4.2.0 and 4.2.1 available for download.
> >
> >
> > Workaround
> >
> > If the PHP applications on an affected web server do not rely on HTTP
> > POST input from user agents, it is often possible to deny POST
requests
> > on the web server.
> >
> > In the Apache web server, for example, this is possible with the
> > following code included in the main configuration file or a top-level
> > .htaccess file:
> >
> > <Limit POST>
> > Order deny,allow
> > Deny from all
> > </Limit>
> >
> > Note that an existing configuration and/or .htaccess file may have
> > parameters contradicting the example given above.
> >
> >
> > Credits
> >
> > The PHP Group would like to thank Stefan Esser of e-matters GmbH for
> > discovering this vulnerability.
> >
> >
> > Copyright (c) 2002 The PHP Group.
> >
> >
>
> _____________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users