Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200511-08] PHP: Multiple vulnerabilities

Vulnerability Assessment Details

[GLSA-200511-08] PHP: Multiple vulnerabilities

Vulnerability Assessment Summary
PHP: Multiple vulnerabilities

Detailed Explanation for this Vulnerability Assessment
The remote host is affected by the vulnerability described in GLSA-200511-08
(PHP: Multiple vulnerabilities)

Multiple vulnerabilities have been found and fixed in PHP:
a possible $GLOBALS variable overwrite problem through file
upload handling, extract() and import_request_variables()
(CVE-2005-3390)
a local Denial of Service through the use of
the session.save_path option (CVE-2005-3319)
an issue with
trailing slashes in permited basedirs (CVE-2005-3054)
an issue
with calling virtual() on Apache 2, permiting to bypass safe_mode and
open_basedir restrictions (CVE-2005-3392)
a problem when a
request was terminated due to memory_limit constraints during certain
parse_str() calls (CVE-2005-3389)
The curl and gd modules
permited to bypass the safe mode open_basedir restrictions
(CVE-2005-3391)
a cross-site scripting (XSS) vulnerability in
phpinfo() (CVE-2005-3388)

Impact

Attackers could leverage these issues to exploit applications that
are assumed to be secure through the use of proper register_globals,
safe_mode or open_basedir parameters. Remote attackers could also
conduct cross-site scripting attacks if a page calling phpinfo() was
available. Finally, a local attacker could cause a local Denial of
Service using malicious session.save_path options.

Workaround

There is no known workaround that would solve all issues at this
time.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3392

Solution:
All PHP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose dev-php/php
All mod_php users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose dev-php/mod_php
All php-cgi users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose dev-php/php-cgi

Network Security Threat Level: Medium

Networks Security ID:

Vulnerability Assessment Copyright: (C) 2005 Michel Arboi

Cables, Connectors