Technical Description

Multiple vulnerabilities have been identified in PHP, which could be exploited by remote attackers to execute arbitrary commands or bypass security restrictions.

The first flaw is due to buffer overflow errors in the HTML entity encoder when handling malformed data passed to the "htmlentities()" and "htmlspecialchars()" functions, which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable server by passing specially crafted characters to an affected script or application.

The second issue is due to an error in the cURL extension, which could be exploited by attackers or malicious users to bypass "safe_mode" and "open_basedir" restrictions.

The third vulnerability is due to buffer overflow errors in the "str_repeat()" and "wordwrap()" functions on 64bit systems, which could be exploited by attackers or malicious users to execute arbitrary commands.

The fourth flaw is due to an input validation error when processing overly long argument passed to the "tempnam()" function, which could be exploited by attackers to bypass "open_basedir" restrictions and create temporary files in an arbitrary directory.

Other security and stability issues have been reported.

Affected Products

PHP version 5.1.6 and prior
PHP version 4.4.4 and prior

Solution

Upgrade to PHP version 5.2.0 :
http://www.php.net/downloads.php

References

http://www.vupen.com/english/advisories/2006/4317
http://www.php.net/releases/5_2_0.php
http://www.hardened-php.net/advisory_132006.138.html

Credits

Vulnerabilities reported by the vendor and Stefan Esser

ChangeLog

2006-11-03 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.