Vulnerability Bulletins

int(2310)

Vulnerability Bulletins

Múltiples vulnerabilidades en PHP
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Aumento de la visibilidad
Dificulty	Principiante
Required attacker level	Acceso remoto sin cuenta a un servicio estandar
System information
Property	Value
Affected manufacturer	GNU/Linux
Affected software	PHP <= 4.4.2 PHP <= 5.1.2
Description
Se han descubierto múltiples vulnerabilidades en PHP versión 4.4.2 y anteriores y en PHP versión 5.1.2 y anteriores. Las vulnerabilidades son descritas a continuación: 1) La vulnerabilidad reside en un fallo en la función PHP "phpinfo()" que solo valida los primeros 4096 bytes de un vector de entrada del usuario. Un atacante remoto podría ejecutar comandos Web script y HTML, y realizar ataques Cross-Site Scripting mediante un script que llame a la función "phpinfo()". 2) La vulnerabilidad reside en un fallo en la función PHP "tempnam()". Un atacante remoto podría saltarse la restricción de seguridad "open_basedir" y crear directorios temporales en directorios arbitrarios mediante ataques directory traversal. 3) La vulnerabilidad reside en un error en la función de PHP "copy()" . Un atacante remoto podría saltarse las restricciones de seguridad impuestas por el modo seguro (safe mode) y acceder a ficheros fuera de "open_basedir" mediante el envoltorio "compress.zlib://".
Solution
Actualización de software Mandriva Corporate Server 3.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libphp_common432-4.3.4-4.15.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/php432-devel-4.3.4-4.15.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/php-cgi-4.3.4-4.15.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/php-cli-4.3.4-4.15.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/php-4.3.4-4.15.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.15.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.15.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.15.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.15.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/php-4.3.4-4.15.C30mdk.src.rpm Multi Network Firewall 2.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/RPMS/libphp_common432-4.3.4-4.15.M20mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/RPMS/php432-devel-4.3.4-4.15.M20mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/RPMS/php-cgi-4.3.4-4.15.M20mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/RPMS/php-cli-4.3.4-4.15.M20mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/SRPMS/php-4.3.4-4.15.M20mdk.src.rpm Mandrivalinux LE2005 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libphp_common432-4.3.10-7.11.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/php432-devel-4.3.10-7.11.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/php-cgi-4.3.10-7.11.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/php-cli-4.3.10-7.11.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/php-4.3.10-7.11.102mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64php_common432-4.3.10-7.11.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/php432-devel-4.3.10-7.11.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/php-cgi-4.3.10-7.11.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/php-cli-4.3.10-7.11.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/php-4.3.10-7.11.102mdk.src.rpm Mandrivalinux 2006 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libphp5_common5-5.0.4-9.7.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/php-cgi-5.0.4-9.7.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/php-cli-5.0.4-9.7.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/php-devel-5.0.4-9.7.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/php-fcgi-5.0.4-9.7.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/php-5.0.4-9.7.20060mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64php5_common5-5.0.4-9.7.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/php-cgi-5.0.4-9.7.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/php-cli-5.0.4-9.7.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/php-devel-5.0.4-9.7.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/php-fcgi-5.0.4-9.7.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/php-5.0.4-9.7.20060mdk.src.rpm Red Hat Red Hat Desktop (v. 3) Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 3) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/ Red Hat (RHSA-2006:0568-8) Red Hat Desktop (v. 3) Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 3) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/ Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux Red Hat Linux (RHSA-2006:0501-6) Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Enterprise Linux WS (v. 2.1) Red Hat Linux Advanced Workstation 2.1 Itanium Processor https://rhn.redhat.com/ Red Hat (RHSA-2006:0567-7) Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Enterprise Linux WS (v. 2.1) Red Hat Linux Advanced Workstation 2.1 Itanium https://rhn.redhat.com/ SGI Advanced Linux Environment 3 / RPM / Patch 10310 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS Advanced Linux Environment 3 / SRPM / Patch 10310 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS SGI Advanced Linux Environment 3 / RPM / Patch 10317 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS Advanced Linux Environment 3 / SRPM / Patch 10317 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS
Standar resources
Property	Value
CVE	CVE-2006-0996 CVE-2006-1494 CVE-2006-1608
BID
Other resources
SecurityReason SecurityAlert (34) http://securityreason.com/achievement_securityalert/34 SecurityReason SecurityAlert (36) http://securityreason.com/achievement_securityalert/36 SecurityReason SecurityAlert (37) http://securityreason.com/achievement_securityalert/37 Secunia Advisory (SA19599) http://secunia.com/advisories/19599/ Mandriva Security Advisory (MDKSA-2006:074) http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:074 Red Hat Security Advisory (RHSA-2006:0276-9) https://rhn.redhat.com/errata/RHSA-2006-0276.html Red Hat Security Advisory (RHSA-2006:0568-8) https://rhn.redhat.com/errata/RHSA-2006-0568.html Red Hat Security Advisory (RHSA-2006:0567-7) https://rhn.redhat.com/errata/RHSA-2006-0567.html SUSE Security Advisory (SUSE-SA:2006:024) http://www.novell.com/linux/security/advisories/05-05-2006.html Red Hat Security Advisory RHSA-2006:0501-6 https://rhn.redhat.com/errata/RHSA-2006-0501.html SGI Security Advisory (20060501-01-U) ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc SGI Security Advisory (20060701-01-U) ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U.asc

Version history
Version	Comments	Date
1.0	Aviso emitido	2006-04-10
1.1	Aviso emitido por Mandriva (MDKSA-2006:074)	2006-04-25
1.2	Aviso emitido por Red Hat (RHSA-2006:0276-9)	2006-04-26
1.3	Aviso emitido por Suse (SUSE-SA:2006:024)	2006-05-12
1.4	Aviso emitido por Red Hat (RHSA-2006:0501-6)	2006-05-26
1.5	Aviso emitido por SGI (20060501-01-U)	2006-05-30
1.6	Aviso emitido por Red Hat (RHSA-2006:0568-8)	2006-07-13
1.7	Aviso emitido por SGI (20060701-01-U)	2006-07-21
1.8	Aviso emitido por Red Hat (RHSA-2006:0567-7)	2006-07-26

Vulnerability Bulletins

Múltiples vulnerabilidades en PHP

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history