|
|
Vulnerability Assessment & Network Security Forums |
|||||||||
|
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200511-08] PHP: Multiple vulnerabilities Vulnerability Assessment Details
|
[GLSA-200511-08] PHP: Multiple vulnerabilities |
||
|
PHP: Multiple vulnerabilities Detailed Explanation for this Vulnerability Assessment The remote host is affected by the vulnerability described in GLSA-200511-08 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been found and fixed in PHP: a possible $GLOBALS variable overwrite problem through file upload handling, extract() and import_request_variables() (CVE-2005-3390) a local Denial of Service through the use of the session.save_path option (CVE-2005-3319) an issue with trailing slashes in permited basedirs (CVE-2005-3054) an issue with calling virtual() on Apache 2, permiting to bypass safe_mode and open_basedir restrictions (CVE-2005-3392) a problem when a request was terminated due to memory_limit constraints during certain parse_str() calls (CVE-2005-3389) The curl and gd modules permited to bypass the safe mode open_basedir restrictions (CVE-2005-3391) a cross-site scripting (XSS) vulnerability in phpinfo() (CVE-2005-3388) Impact Attackers could leverage these issues to exploit applications that are assumed to be secure through the use of proper register_globals, safe_mode or open_basedir parameters. Remote attackers could also conduct cross-site scripting attacks if a page calling phpinfo() was available. Finally, a local attacker could cause a local Denial of Service using malicious session.save_path options. Workaround There is no known workaround that would solve all issues at this time. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3319 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3390 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3391 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3392 Solution: All PHP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose dev-php/php All mod_php users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose dev-php/mod_php All php-cgi users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose dev-php/php-cgi Network Security Threat Level: Medium Networks Security ID: Vulnerability Assessment Copyright: (C) 2005 Michel Arboi |
||
|
Storage Equipment, NAS, SAN |
|
||
|
No Discussions have been posted on this vulnerability. |