Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Debian Local Security Checks >> [DSA531] DSA-531-1 php4


Vulnerability Assessment Details

[DSA531] DSA-531-1 php4

Vulnerability Assessment Summary
DSA-531-1 php4

Detailed Explanation for this Vulnerability Assessment

Two vulnerabilities were discovered in php4:
The memory_limit functionality in PHP 4.x up to
4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as
when register_globals is enabled, permits remote attackers to
execute arbitrary code by triggering a memory_limit abort during
execution of the zend_hash_init function and overwriting a
HashTable destructor pointer before the initialization of key data
structures is complete.
The strip_tags function in PHP 4.x up to 4.3.7, and
5.x up to 5.0.0RC3, does not filter null (\0) characters within tag
names when restricting input to permited tags, which permits
dangerous tags to be processed by web browsers such as Internet
Explorer and Safari, which ignore null characters and facilitate
the exploitation of cross-site scripting (XSS) vulnerabilities.
For the current stable distribution (woody), these problems have been
fixed in version 4.1.2-7.
For the unstable distribution (sid), these problems have been fixed in
version 4:4.3.8-1.
We recommend that you update your php4 package.


Solution : http://www.debian.org/security/2004/dsa-531
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is (C) 2006 Michel Arboi

Cables, Connectors

Vtg Macintosh/Mac & PC Game 1995 Interactive Treasure Island Software New/Sealed
$7.99
Vtg Macintosh/Mac & PC Game 1995 Interactive Treasure Island Software New/Sealed pictureVTG 1998 Original APPLE PLAIN TALK MICROPHONE for Power Macintosh MAC - NOS
$8.0
VTG 1998 Original APPLE PLAIN TALK MICROPHONE for Power Macintosh MAC - NOS pictureVINTAGE Elastic Reality Macintosh, Power Mac version Promotional Apple Software
$19.99
VINTAGE Elastic Reality Macintosh, Power Mac version Promotional Apple Software pictureMacWeek Hypercard Apple Macintosh Newspaper Magazine Mac II Advertising VTG 80s
$14.99
MacWeek Hypercard Apple Macintosh Newspaper Magazine Mac II Advertising VTG 80s picture


Discussions

No Discussions have been posted on this vulnerability.