TITLE: PHP Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA21546
VERIFY ADVISORY: http://secunia.com/advisories/21546/
CRITICAL: Less critical
IMPACT: Unknown, Security Bypass
WHERE: Local system
SOFTWARE: PHP 4.4.x -- http://secunia.com/product/5768/
PHP 5.1.x -- http://secunia.com/product/6796/
DESCRIPTION: Some vulnerabilities have been reported in PHP, where some have unknown impacts, and others can be exploited by malicious, local users to bypass certain security restrictions.
1) Missing safe_mode and open_basedir verification exists in the "file_exists()", "imap_open()", and "imap_reopen()" functions.
2) Some unspecified boundary errors exists in the "str_repeat()" and "wordwrap()" functions on 64-bit systems.
3) The open_basedir and safe_mode protection mechanisms can be bypassed via the cURL extension and the realpath cache.
4) An unspecified boundary error exists in the GD extension when handling malformed GIF images.
5) A boundary error in the "stripos()" function can be exploited to cause an out-of-bounds memory read.
6) Incorrect memory_limit restrictions exists on 64-bit systems.
Other issues which may be security related have also been reported.
SOLUTION: Update to version 4.4.4 or 5.1.5. -- http://www.php.net/downloads.php
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.php.net/release_4_4_4.php -- http://www.php.net/release_5_1_5.php