Ravens PHP Scripts

PHP Multiple Vulnerabilities
Date: Thursday, November 15, 2007 @ 06:29:02 PST
Topic: Security


SECUNIA ADVISORY ID: SA27648

VERIFY ADVISORY: http://secunia.com/advisories/27648/

CRITICAL: Moderately critical

IMPACT: Unknown, Security Bypass

WHERE: >From remote

SOFTWARE: PHP 5.2.x - http://secunia.com/product/13446/

DESCRIPTION: Some vulnerabilities and weaknesses have been reported in PHP, where some have unknown impacts and others can be exploited to bypass certain security restrictions.



1) Various errors exist in the "htmlentities" and "htmlspecialchars" functions where partial multibyte sequences are not accepted.

2) Various boundary errors exist in the "fnmatch()", "setlocale()", and "glob()" functions and can be exploited to cause buffer overflows.

3) An error in the processing of ".htaccess" files can be exploited to bypass the "disable_functions" directive by modifying the "mail.force_extra_parameters" php.ini directive via an ".htaccess" file.

4) An error in the handling of variables can be exploited to overwrite values set in httpd.conf via the "ini_set()" function.

SOLUTION: Update to version 5.2.5. - http://www.php.net/downloads.php

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Rasmus Lerdorf
2) Laurent Gaffie
3) SecurityReason

ORIGINAL ADVISORY: http://www.php.net/releases/5_2_5.php






This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3138