|
|
|
>> PHP Remote Command Execution and Multiple Security Bypass Vulnerabilities
|
Multiple vulnerabilities have been identified in PHP, which could be exploited by remote attackers to execute arbitrary commands or bypass security restrictions.
The first flaw is due to buffer overflow errors in the HTML entity encoder when handling malformed data passed to the "htmlentities()" and "htmlspecialchars()" functions, which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable server by passing specially crafted characters to an affected script or application.
The second issue is due to an error in the cURL extension, which could be exploited by attackers or malicious users to bypass "safe_mode" and "open_basedir" restrictions.
The third vulnerability is due to buffer overflow errors in the "str_repeat()" and "wordwrap()" functions on 64bit systems, which could be exploited by attackers or malicious users to execute arbitrary commands.
The fourth flaw is due to an input validation error when processing overly long argument passed to the "tempnam()" function, which could be exploited by attackers to bypass "open_basedir" restrictions and create temporary files in an arbitrary directory.
Other security and stability issues have been reported.
Affected Products
PHP version 5.1.6 and prior
PHP version 4.4.4 and prior
Solution
Upgrade to PHP version 5.2.0 :
http://www.php.net/downloads.php
References
http://www.vupen.com/english/advisories/2006/4317
http://www.php.net/releases/5_2_0.php
http://www.hardened-php.net/advisory_132006.138.html
Credits
Vulnerabilities reported by the vendor and Stefan Esser
ChangeLog
2006-11-03 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
