Ravens PHP Scripts

PHP Multiple Vulnerabilities
Date: Sunday, November 22, 2009 @ 13:44:17 CET
Topic: Security


SECUNIA ADVISORY ID: SA37412

VERIFY ADVISORY: http://secunia.com/advisories/37412/

DESCRIPTION: Multiple vulnerabilities have been reported in PHP, some of which have unknown impact and others that can be exploited by malicious users to bypass certain security restrictions.

1) Input validation errors exist in the processing of EXIF data. This is related to vulnerability #3 in SA36791.
2) An error in "tempnam()" can be exploited to bypass the "safe_mode" feature.
3) An error in "posix_mkfifo()" can be exploited to bypass the "open_basedir" feature.

SOLUTION: Update to version 5.3.1.

PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
2, 3) Grzegorz Stachowiak

ORIGINAL ADVISORY:
PHP: http://www.php.net/releases/5_3_1.php
Grzegorz Stachowiak:
http://securityreason.com/securityalert/6600
http://securityreason.com/securityalert/6601

OTHER REFERENCES: SA36791: http://secunia.com/advisories/36791/

This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3736