|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200511-08] PHP: Multiple vulnerabilities Vulnerability Assessment Details
|
[GLSA-200511-08] PHP: Multiple vulnerabilities |
||
PHP: Multiple vulnerabilities Detailed Explanation for this Vulnerability Assessment The remote host is affected by the vulnerability described in GLSA-200511-08 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been found and fixed in PHP: a possible $GLOBALS variable overwrite problem through file upload handling, extract() and import_request_variables() (CVE-2005-3390) a local Denial of Service through the use of the session.save_path option (CVE-2005-3319) an issue with trailing slashes in permited basedirs (CVE-2005-3054) an issue with calling virtual() on Apache 2, permiting to bypass safe_mode and open_basedir restrictions (CVE-2005-3392) a problem when a request was terminated due to memory_limit constraints during certain parse_str() calls (CVE-2005-3389) The curl and gd modules permited to bypass the safe mode open_basedir restrictions (CVE-2005-3391) a cross-site scripting (XSS) vulnerability in phpinfo() (CVE-2005-3388) Impact Attackers could leverage these issues to exploit applications that are assumed to be secure through the use of proper register_globals, safe_mode or open_basedir parameters. Remote attackers could also conduct cross-site scripting attacks if a page calling phpinfo() was available. Finally, a local attacker could cause a local Denial of Service using malicious session.save_path options. Workaround There is no known workaround that would solve all issues at this time. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3319 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3390 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3391 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3392 Solution: All PHP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose dev-php/php All mod_php users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose dev-php/mod_php All php-cgi users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose dev-php/php-cgi Network Security Threat Level: Medium Networks Security ID: Vulnerability Assessment Copyright: (C) 2005 Michel Arboi |
||
Cables, Connectors |
Dell PowerEdge R630 8SFF 2.6Ghz 20-Core 128GB Mem 2x10G+2x1G NIC 2x750W PSU
$399.04
Supermicro 4U 36 Bay Storage Server 2.2Ghz 16-C 128GB 1x1280W Rails TrueNAS ZFS
$716.98
Intel XEON E5-2699 V3 CPU PROCESSOR 18 CORE 2.30GHZ 45MB L3 CACHE 145W SR1XD
$45.00
Dell PowerEdge R740XD Server | 2x Gold 6140 36 Cores | H730 | Choose RAM/ Drives
$2800.00
Intel Xeon E5-2680 v4 2.4GHz 35MB 14-Core 120W LGA2011-3 SR2N7
$17.99
Intel Xeon E5-2699v4 SR2JS 2.2GHz 22-Core 55MB 145W Server Processor CPU
$144.95
Intel Xeon E5-2697A V4 2.6GHz CPU Processor 16-Core Socket LGA2011 SR2K1
$39.99
Intel Xeon Gold 6140 SR3AX 2.3GHz 18-Core Processor CPU
$39.99
HP Workstation Z640 2x Xeon E5-2623V4 32GB Ram Dual 256GB SSD K420 Linux GA
$234.98
Dell Precision T5600/t5610 Xeon E5-2670 2.6Ghz 16GB DDR3 RAM NO HDD Nvidia
$90.00
|
||
No Discussions have been posted on this vulnerability. |