Miembros de
Boletines de Vulnerabilidades |
Múltiples vulnerabilidades en PHP |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Aumento de la visibilidad |
| Dificultad | Principiante |
| Requerimientos del atacante | Acceso remoto sin cuenta a un servicio estandar |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricante afectado | GNU/Linux |
| Software afectado |
PHP <= 4.4.2 PHP <= 5.1.2 |
Descripción |
|
|
Se han descubierto múltiples vulnerabilidades en PHP versión 4.4.2 y anteriores y en PHP versión 5.1.2 y anteriores. Las vulnerabilidades son descritas a continuación: 1) La vulnerabilidad reside en un fallo en la función PHP "phpinfo()" que solo valida los primeros 4096 bytes de un vector de entrada del usuario. Un atacante remoto podría ejecutar comandos Web script y HTML, y realizar ataques Cross-Site Scripting mediante un script que llame a la función "phpinfo()". 2) La vulnerabilidad reside en un fallo en la función PHP "tempnam()". Un atacante remoto podría saltarse la restricción de seguridad "open_basedir" y crear directorios temporales en directorios arbitrarios mediante ataques directory traversal. 3) La vulnerabilidad reside en un error en la función de PHP "copy()" . Un atacante remoto podría saltarse las restricciones de seguridad impuestas por el modo seguro (safe mode) y acceder a ficheros fuera de "open_basedir" mediante el envoltorio "compress.zlib://". |
|
Solución |
|
|
Actualización de software Mandriva Corporate Server 3.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libphp_common432-4.3.4-4.15.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/php432-devel-4.3.4-4.15.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/php-cgi-4.3.4-4.15.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/php-cli-4.3.4-4.15.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/php-4.3.4-4.15.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.15.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.15.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.15.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.15.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/php-4.3.4-4.15.C30mdk.src.rpm Multi Network Firewall 2.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/RPMS/libphp_common432-4.3.4-4.15.M20mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/RPMS/php432-devel-4.3.4-4.15.M20mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/RPMS/php-cgi-4.3.4-4.15.M20mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/RPMS/php-cli-4.3.4-4.15.M20mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/SRPMS/php-4.3.4-4.15.M20mdk.src.rpm Mandrivalinux LE2005 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libphp_common432-4.3.10-7.11.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/php432-devel-4.3.10-7.11.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/php-cgi-4.3.10-7.11.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/php-cli-4.3.10-7.11.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/php-4.3.10-7.11.102mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64php_common432-4.3.10-7.11.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/php432-devel-4.3.10-7.11.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/php-cgi-4.3.10-7.11.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/php-cli-4.3.10-7.11.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/php-4.3.10-7.11.102mdk.src.rpm Mandrivalinux 2006 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libphp5_common5-5.0.4-9.7.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/php-cgi-5.0.4-9.7.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/php-cli-5.0.4-9.7.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/php-devel-5.0.4-9.7.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/php-fcgi-5.0.4-9.7.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/php-5.0.4-9.7.20060mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64php5_common5-5.0.4-9.7.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/php-cgi-5.0.4-9.7.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/php-cli-5.0.4-9.7.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/php-devel-5.0.4-9.7.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/php-fcgi-5.0.4-9.7.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/php-5.0.4-9.7.20060mdk.src.rpm Red Hat Red Hat Desktop (v. 3) Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 3) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/ Red Hat (RHSA-2006:0568-8) Red Hat Desktop (v. 3) Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 3) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/ Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux Red Hat Linux (RHSA-2006:0501-6) Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Enterprise Linux WS (v. 2.1) Red Hat Linux Advanced Workstation 2.1 Itanium Processor https://rhn.redhat.com/ Red Hat (RHSA-2006:0567-7) Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Enterprise Linux WS (v. 2.1) Red Hat Linux Advanced Workstation 2.1 Itanium https://rhn.redhat.com/ SGI Advanced Linux Environment 3 / RPM / Patch 10310 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS Advanced Linux Environment 3 / SRPM / Patch 10310 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS SGI Advanced Linux Environment 3 / RPM / Patch 10317 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS Advanced Linux Environment 3 / SRPM / Patch 10317 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE |
CVE-2006-0996 CVE-2006-1494 CVE-2006-1608 |
| BID | |
Recursos adicionales |
|
|
SecurityReason SecurityAlert (34) http://securityreason.com/achievement_securityalert/34 SecurityReason SecurityAlert (36) http://securityreason.com/achievement_securityalert/36 SecurityReason SecurityAlert (37) http://securityreason.com/achievement_securityalert/37 Secunia Advisory (SA19599) http://secunia.com/advisories/19599/ Mandriva Security Advisory (MDKSA-2006:074) http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:074 Red Hat Security Advisory (RHSA-2006:0276-9) https://rhn.redhat.com/errata/RHSA-2006-0276.html Red Hat Security Advisory (RHSA-2006:0568-8) https://rhn.redhat.com/errata/RHSA-2006-0568.html Red Hat Security Advisory (RHSA-2006:0567-7) https://rhn.redhat.com/errata/RHSA-2006-0567.html SUSE Security Advisory (SUSE-SA:2006:024) http://www.novell.com/linux/security/advisories/05-05-2006.html Red Hat Security Advisory RHSA-2006:0501-6 https://rhn.redhat.com/errata/RHSA-2006-0501.html SGI Security Advisory (20060501-01-U) ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc SGI Security Advisory (20060701-01-U) ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U.asc |
|
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Aviso emitido | 2006-04-10 |
| 1.1 | Aviso emitido por Mandriva (MDKSA-2006:074) | 2006-04-25 |
| 1.2 | Aviso emitido por Red Hat (RHSA-2006:0276-9) | 2006-04-26 |
| 1.3 | Aviso emitido por Suse (SUSE-SA:2006:024) | 2006-05-12 |
| 1.4 | Aviso emitido por Red Hat (RHSA-2006:0501-6) | 2006-05-26 |
| 1.5 | Aviso emitido por SGI (20060501-01-U) | 2006-05-30 |
| 1.6 | Aviso emitido por Red Hat (RHSA-2006:0568-8) | 2006-07-13 |
| 1.7 | Aviso emitido por SGI (20060701-01-U) | 2006-07-21 |
| 1.8 | Aviso emitido por Red Hat (RHSA-2006:0567-7) | 2006-07-26 |