Gentoo Linux Security Advisory GLSA 200703-21 - Several vulnerabilities were found in PHP by the Hardened-PHP Project and other researchers. These vulnerabilities include a heap-based buffer overflow in htmlentities() and htmlspecialchars() if called with UTF-8 parameters, and an off-by-one error in str_ireplace(). Other vulnerabilities were also found in the PHP4 branch, including possible overflows, stack corruptions and a format string vulnerability in the *print() functions on 64 bit systems. Versions less than 5.2.1-r3 are affected.
2a68bf4d09b8bcea9389593696b002f77d4faf366a29f85257aee2053ef4e678Ubuntu Security Notice 424-2 - USN-424-1 fixed vulnerabilities in PHP. However, some upstream changes were not included, which caused errors in the stream filters. This update fixes the problem.
e310fb1be714d20b26c72bf2cab12289e3cc50abbc9dc4f113ed397d55290dbeDebian Security Advisory 1264-1 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code.
8e3df8f485e671883be6bec88e44bb6c9e66f4edf58ff94affb4718bc6fd522cOpenPKG Security Advisory - According to a vendor release announcement, multiple vulnerabilities exist in the programming language PHP, versions up to and including 5.2.0.
c86db00870b10c7d75d039211794324e8c48eb4f2ebd85d7db91a0cbf5c1df07Mandriva Security Advisory - Many buffer overflow flaws were discovered in the PHP session extension, the str_replace() function, and the imap_mail_compose() function. An attacker able to use a PHP application using any of these functions could trigger these flaws and possibly execute arbitrary code as the apache user. A one-byte memory read will always occur prior to the beginning of a buffer, which could be triggered, for example, by any use of the header() function in a script. The wddx extension, if used to import WDDX data from an untrusted source, may allow a random portion of heap memory to be exposed due to certain WDDX input packets. The odbc_result_all() function, if used to display data from a database, and if the contents of the database are under the control of an attacker, could lead to the execution of arbitrary code due to a format string vulnerability. Several flaws in the PHP could allow attackers to clobber certain super-global variables via unspecified vectors. The zend_hash_init() function can be forced into an infinite loop if unserializing untrusted data on a 64-bit platform, resulting in the consumption of CPU resources until the script timeout alarm aborts the execution of the script.
18391d23f8ac63acf2dc26095670e78b9ee5c2e7df2047dc6d9537a7f19b12e7Ubuntu Security Notice 424-1 - Multiple buffer overflows have been discovered in various PHP modules. If a PHP application processes untrusted data with functions of the session or zip module, or various string functions, a remote attacker could exploit this to execute arbitrary code with the privileges of the web server. The sapi_header_op() function had a buffer underflow that could be exploited to crash the PHP interpreter. The wddx unserialization handler did not correctly check for some buffer boundaries and had an uninitialized variable. By unserializing untrusted data, this could be exploited to expose memory regions that were not meant to be accessible. Depending on the PHP application this could lead to disclosure of potentially sensitive information. On 64 bit systems (the amd64 and sparc platforms), various print functions and the odbc_result_all() were susceptible to a format string vulnerability. A remote attacker could exploit this to execute arbitrary code with the privileges of the web server. Under certain circumstances it was possible to overwrite superglobal variables (like the HTTP GET/POST arrays) with crafted session data. When unserializing untrusted data on 64-bit platforms the zend_hash_init() function could be forced to enter an infinite loop, consuming CPU resources, for a limited length of time, until the script timeout alarm aborts the script.
197e3fe41c3837aae3b310eebfbc6f6a0ad763a435fd4e78c72519ae8cd351f0
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed