PHP Multiple Vulnerabilities

Posted on Thursday, November 15, 2007 @ 07:29:02 PST in Security
by Raven

SECUNIA ADVISORY ID: SA27648

VERIFY ADVISORY: http://secunia.com/advisories/27648/

CRITICAL: Moderately critical

IMPACT: Unknown, Security Bypass

WHERE: >From remote

SOFTWARE: PHP 5.2.x - http://secunia.com/product/13446/

DESCRIPTION: Some vulnerabilities and weaknesses have been reported in PHP, where some have unknown impacts and others can be exploited to bypass certain security restrictions.

1) Various errors exist in the "htmlentities" and "htmlspecialchars" functions where partial multibyte sequences are not accepted.

2) Various boundary errors exist in the "fnmatch()", "setlocale()", and "glob()" functions and can be exploited to cause buffer overflows.

3) An error in the processing of ".htaccess" files can be exploited to bypass the "disable_functions" directive by modifying the "mail.force_extra_parameters" php.ini directive via an ".htaccess" file.

4) An error in the handling of variables can be exploited to overwrite values set in httpd.conf via the "ini_set()" function.

SOLUTION: Update to version 5.2.5. - http://www.php.net/downloads.php

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Rasmus Lerdorf
2) Laurent Gaffie
3) SecurityReason

ORIGINAL ADVISORY: http://www.php.net/releases/5_2_5.php
 
 
click Related        click Share
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 346,369,858
  • Today: 24,862
Server InfoServer Info
  • Jan 22, 2018
  • 12:32 pm PST
 
 

Daily Inspiration