Executive Summary
Summary | |
---|---|
Title | Updated php packages fix security issues and bugs |
Informations | |||
---|---|---|---|
Name | RHSA-2004:687 | First vendor Publication | 2004-12-21 |
Vendor | RedHat | Last vendor Modification | 2004-12-21 |
Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated php packages that fix various security issues and bugs are now available for Red Hat Enterprise Linux 3. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. Flaws including possible information disclosure, double free, and negative reference index array underflow were found in the deserialization code of PHP. PHP applications may use the unserialize function on untrusted user data, which could allow a remote attacker to gain access to memory or potentially execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1019 to this issue. A flaw in the exif extension of PHP was found which lead to a stack overflow. An attacker could create a carefully crafted image file in such a way that if parsed by a PHP script using the exif extension it could cause a crash or potentially execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1065 to this issue. An information disclosure bug was discovered in the parsing of "GPC" variables in PHP (query strings or cookies, and POST form data). If particular scripts used the values of the GPC variables, portions of the memory space of an httpd child process could be revealed to the client. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0958 to this issue. A file access bug was discovered in the parsing of "multipart/form-data" forms, used by PHP scripts which allow file uploads. In particular configurations, some scripts could allow a malicious client to upload files to an arbitrary directory where the "apache" user has write access. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0959 to this issue. Flaws were found in shmop_write, pack, and unpack PHP functions. These functions are not normally passed user supplied data, so would require a malicious PHP script to be exploited. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1018 to this issue. Various issues were discovered in the use of the "select" system call in PHP, which could be triggered if PHP is used in an Apache configuration where the number of open files (such as virtual host log files) exceeds the default process limit of 1024. Workarounds are now included for some of these issues. The "phpize" shell script included in PHP can be used to build third-party extension modules. A build issue was discovered in the "phpize" script on some 64-bit platforms which prevented correct operation. The "pcntl" extension module is now enabled in the command line PHP interpreter, /usr/bin/php. This module enables process control features such as "fork" and "kill" from PHP scripts. Users of PHP should upgrade to these updated packages, which contain fixes for these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website: https://rhn.redhat.com/help/latest-up2date.pxt 5. Bug IDs fixed (http://bugzilla.redhat.com/): 131412 - Include process control extension, pcntl 131562 - phpize is broken on x86_64 132003 - fopen doesn't work across remote connections while under Apache 134971 - CAN-2004-0958 PHP variable parsing 134975 - CAN-2004-0959 PHP arbitrary file creation 141132 - CAN-2004-1019 information disclosure issues 142056 - CAN-2004-1065 ext/exif/exif.c - exif_read_data() overflow on long sectionname |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2004-687.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10511 | |||
Oval ID: | oval:org.mitre.oval:def:10511 | ||
Title: | The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results. | ||
Description: | The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-1019 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10863 | |||
Oval ID: | oval:org.mitre.oval:def:10863 | ||
Title: | php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length. | ||
Description: | php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0958 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10949 | |||
Oval ID: | oval:org.mitre.oval:def:10949 | ||
Title: | Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. | ||
Description: | Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-1018 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10961 | |||
Oval ID: | oval:org.mitre.oval:def:10961 | ||
Title: | rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified. | ||
Description: | rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0959 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5015816.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5019075.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5020183.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5020404.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5021505.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5021688.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200412-14 (PHP) File : nvt/glsa_200412_14.nasl |
2008-09-04 | Name : php -- multiple vulnerabilities File : nvt/freebsd_mod_php4-twig0.nasl |
2008-09-04 | Name : php -- php_variables memory disclosure File : nvt/freebsd_mod_php4-twig1.nasl |
2008-09-04 | Name : FreeBSD Ports: php4, php4-cgi File : nvt/freebsd_php4.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
34717 | PHP shmop_write() Arbitrary Memory Manipulation PHP contains a flaw that may allow an attacker to gain elevated privileges. The issue is due to the shmop_write function not properly sanitizing user-supplied input. This may allow an attaker to bypass safe mode restrictions, cause a denial of service or execute arbitrary code. |
12603 | PHP rfc1867.c $_FILES Array Crafted MIME Header Arbitrary File Upload |
12602 | PHP exif_read_data Section Name Command Execution |
12601 | PHP php_variables.c Multiple Variable Open Bracket Memory Disclosure |
12415 | PHP unserialize() Function Negative Reference Arbitrary Code Execution PHP contains a flaw that may allow a remote attacker to gain elevated privileges. The issue is due to the deserialization code not properly sanitizing user-supplied input. This may allow an attacker to pass crafted content to the unserialize function and cause a denial of service or execute arbitrary code. |
12411 | PHP unpack() Function Heap Information Leak PHP contains a flaw that may allow a remote attacker to read arbitrary portions of system memory. The issue is due to the unpack() function not properly validating parameters passed to it. |
12410 | PHP pack() Function Overflow PHP contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to insufficient validation of parameters passed to the pack() function which may result in a heap overflow. It is possible that the flaw may allow a remote attacker to bypass safe_mode restrictions and execute arbitrary code with the privileges of the Web server resulting in a loss of integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Arbitrary file location upload attempt RuleID : 23613 - Revision : 3 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-08-29 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1638-1.nasl - Type : ACT_GATHER_INFO |
2015-02-20 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-163.nasl - Type : ACT_GATHER_INFO |
2015-01-09 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-464.nasl - Type : ACT_GATHER_INFO |
2015-01-09 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-463.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-99-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-40-1.nasl - Type : ACT_GATHER_INFO |
2005-11-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-838.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_d47e9d19501611d99b5f0050569f0001.nasl - Type : ACT_GATHER_INFO |
2005-04-19 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-072.nasl - Type : ACT_GATHER_INFO |
2005-02-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-032.nasl - Type : ACT_GATHER_INFO |
2005-02-03 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_002.nasl - Type : ACT_GATHER_INFO |
2005-01-26 | Name : The remote host is missing a Mac OS X update that fixes a security issue. File : macosx_SecUpd2005-001.nasl - Type : ACT_GATHER_INFO |
2005-01-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-031.nasl - Type : ACT_GATHER_INFO |
2004-12-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-687.nasl - Type : ACT_GATHER_INFO |
2004-12-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-567.nasl - Type : ACT_GATHER_INFO |
2004-12-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-568.nasl - Type : ACT_GATHER_INFO |
2004-12-19 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-151.nasl - Type : ACT_GATHER_INFO |
2004-12-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200412-14.nasl - Type : ACT_GATHER_INFO |
2004-12-15 | Name : The remote web server uses a version of PHP that is potentially affected by m... File : php45_multiple_flaws.nasl - Type : ACT_GATHER_INFO |
2004-10-08 | Name : The remote server is affected by an information disclosure vulnerability. File : php_mem_disclosure.nasl - Type : ACT_GATHER_INFO |
2004-09-17 | Name : Arbitrary files may be uploaded on the remote host. File : php_arbitrary_file_upload.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-05-02 13:24:12 |
|
2014-02-17 11:48:49 |
|
2013-05-11 12:22:43 |
|