Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Debian Local Security Checks >> [DSA531] DSA-531-1 php4


Vulnerability Assessment Details

[DSA531] DSA-531-1 php4

Vulnerability Assessment Summary
DSA-531-1 php4

Detailed Explanation for this Vulnerability Assessment

Two vulnerabilities were discovered in php4:
The memory_limit functionality in PHP 4.x up to
4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as
when register_globals is enabled, permits remote attackers to
execute arbitrary code by triggering a memory_limit abort during
execution of the zend_hash_init function and overwriting a
HashTable destructor pointer before the initialization of key data
structures is complete.
The strip_tags function in PHP 4.x up to 4.3.7, and
5.x up to 5.0.0RC3, does not filter null (\0) characters within tag
names when restricting input to permited tags, which permits
dangerous tags to be processed by web browsers such as Internet
Explorer and Safari, which ignore null characters and facilitate
the exploitation of cross-site scripting (XSS) vulnerabilities.
For the current stable distribution (woody), these problems have been
fixed in version 4.1.2-7.
For the unstable distribution (sid), these problems have been fixed in
version 4:4.3.8-1.
We recommend that you update your php4 package.


Solution : http://www.debian.org/security/2004/dsa-531
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is (C) 2006 Michel Arboi

Cables, Connectors

Dell Latitude E6530, Intel Core i7-3520M 2.90, 8GB Memory, 750GB HDD, Windows 7
$324.99
Dell Latitude E6530, Intel Core i7-3520M 2.90, 8GB Memory, 750GB HDD, Windows 7 pictureDell Latitude E6540 Laptop Parts/Repair BOOTS Core i7-4800MQ 8GB RAM NO HD AS IS
$9.99
Dell Latitude E6540 Laptop Parts/Repair BOOTS Core i7-4800MQ 8GB RAM NO HD AS IS pictureMacBook Pro 13" Retina Early 2015, 2.7 GHz Core i5, 121 GB Flash 8 GB Ram
$700.0
MacBook Pro 13Dell PowerEdge R710 2x X5680 3.33GHz 6 Core 16GB 8x 256GB SATA SSD PERC 6/i
$1280.0
Dell PowerEdge R710 2x X5680 3.33GHz 6 Core 16GB 8x 256GB SATA SSD PERC 6/i picture


Discussions

No Discussions have been posted on this vulnerability.