PHP Multiple Vulnerabilities

Posted on Sunday, November 22, 2009 @ 12:44:17 PST in Security
by Raven

SECUNIA ADVISORY ID: SA37412

VERIFY ADVISORY: http://secunia.com/advisories/37412/

DESCRIPTION: Multiple vulnerabilities have been reported in PHP, some of which have unknown impact and others that can be exploited by malicious users to bypass certain security restrictions.

1) Input validation errors exist in the processing of exif data. This is related to vulnerability #3 in: SA36791
2) An error in "tempnam()" can be exploited to bypass the "safe_mode" feature.
3) An error in "posix_mkfifo()" can be exploited to bypass the "open_basedir" feature.

SOLUTION: Update to version 5.3.1.

PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
2, 3) Grzegorz Stachowiak

ORIGINAL ADVISORY: PHP: http://www.php.net/releases/5_3_1.php
Grzegorz Stachowiak:
http://securityreason.com/securityalert/6600
http://securityreason.com/securityalert/6601

OTHER REFERENCES: SA36791: http://secunia.com/advisories/36791/
 
 
click Related        click Share
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 369,748,232
  • Today: 55,386
Server InfoServer Info
  • Oct 20, 2018
  • 01:06 pm PDT
 
 

Daily Inspiration