Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Debian: 'php3' Format string vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Team   
Debian In versions of the PHP 3 packages before version 3.0.17, several formatstring bugs could allow properly crafted requests to execute code as theuser running PHP scripts on the web server, particularly if error loggingwas enabled.

- ----------------------------------------------------------------------------
Debian Security Advisory                       '>                            Daniel Jacobowitz
October 14, 2000
- ----------------------------------------------------------------------------

Package: php3
Vulnerability: possible remote exploit
Debian-specific: no
Vulnerable: yes

[Updated version: corrected URLs]

In versions of the PHP 3 packages before version 3.0.17, several format
string bugs could allow properly crafted requests to execute code as the
user running PHP scripts on the web server, particularly if error logging
was enabled.

This problem is fixed in versions 3.0.17-0potato2 and 3.0.17-0potato3 for
Debian 2.2 (potato) and in version 3.0.17-1 for Debian Unstable (woody).
This is a bug fix release and we recommend all users of php3 upgrade to it.

Debian GNU/Linux 2.1 alias slink
- --------------------------------

  Slink contains php3 version 3.0.5, which is believed to be affected by
  this problem.  No security updates for slink are available at this time;
  Slink users who have php3 installed are highly recommended to either
  upgrade to potato or recompile the potato php3 packages from source
  (see the URLs below).

Debian GNU/Linux 2.2 (stable) alias potato
- ------------------------------------------

  Fixes are currently available for the Alpha, ARM, Intel ia32, Motorola 680x0,
  PowerPC and Sun SPARC architectures, and will be included in 2.2r1.

  Source archives:
      MD5 checksum: 34000f57a678a5613c9ad925c75015c9
      MD5 checksum: 5ccde22fa1eb7b5a1211bdf0733ee5fc
      MD5 checksum: 82cadd5b244f95f95c0d5b00a9d36419

  Architecture indendent archives:
      MD5 checksum: 786f3d4889251bcd927475a83cab737d

  Alpha architecture:
      MD5 checksum: 0c6d6c84970f7298ba8b3ca267b6d436
      MD5 checksum: 63ed819bcde8919a1b04bd668b536bb1
      MD5 checksum: 91a7b73e5c53d533cf1b3f9e91477829
      MD5 checksum: 69974d87a8ab40de1d80090b56e9e734
      MD5 checksum: 7c4fed2056667347d3a8d8fcfde11d18
      MD5 checksum: 866f79ff9a5e07c2d1dc625f6b039062
      MD5 checksum: f205dc1d6c3d66465223ec2cb915d378
      MD5 checksum: 4fabcea51de8ad87072b3892eac3db44
      MD5 checksum: 98e60f2ce67b5ac45bbefffee55f4320
      MD5 checksum: 6c356cef858b022706d536bdd2a3bda5
      MD5 checksum: f00b99a9fbef8eef95b286b0fd07921c
      MD5 checksum: c28f15858f631739a04b585d88537c35
      MD5 checksum: f683f8c1095be5fd6004218e006d95ae
      MD5 checksum: 2bea51c4216a7509df35ae93852fe12f
      MD5 checksum: cc46953ee5cf0919a20b03174146042f
      MD5 checksum: 08902d8dd7c6da8d551df423479774f3
      MD5 checksum: 50c5fddca3b974040d727571155d810b
      MD5 checksum: 95ac10b17e9d253516b6c6566070ed8b
      MD5 checksum: ac553c47449d417a2151badda621b0b8
      MD5 checksum: b0cfeaa821d26b1b5c3e0e02a9c97234
      MD5 checksum: cfcff9174113b296a1c527d4d03ff36f

  ARM architecture:
      MD5 checksum: dedef18cb5af7321602fdd84e6919a82
      MD5 checksum: 2e14ffe7d55808964d3b8745ee6f7a68
      MD5 checksum: 6bed9079916e0838549f0cbefac3b364
      MD5 checksum: dcd4141709649316490b6c11074b9892
      MD5 checksum: 1f74328177093f92f6b690438314e854
      MD5 checksum: 96ca00029282d292261a83c792f70634
      MD5 checksum: 4aeab7f32a5d76cb4122c99c11e6fd74
      MD5 checksum: b1de42a0a93bbd56b8d3bf618738ac97
      MD5 checksum: 7cef4e5a8df31213e7d4326ca3e4bc78
      MD5 checksum: ae70e50b6a97aa87d102887cc90a039d
      MD5 checksum: 5b8c0c2f755d9573325bbf93ade047a5
      MD5 checksum: 78c58318841395fb2a4830c3fde2ea35
      MD5 checksum: ad2d62ae660deb8eb3814725c266f882
      MD5 checksum: ab226b1c21bb1bb3e9d2532a307b0a33
      MD5 checksum: 28dea447bffa0cc2b1d9526a34b04243
      MD5 checksum: 6905809e038ed460e007e305e9d6f27d
      MD5 checksum: e8931d67b40f57b45d4816efa090869d
      MD5 checksum: c4492365d13b377f8591d1501e4fffbc
      MD5 checksum: 794307c984982c144628c165d7fafbdc
      MD5 checksum: b14b2aef4d507988133e0936b520f827
      MD5 checksum: f08677b2a016498de9ac2ae035fcee02

  Intel ia32 architecture:
      MD5 checksum: abb5c61dcb930484d448809f37ceee89
      MD5 checksum: eaf1a7ce1191479fab1991a0f7628f35
      MD5 checksum: 78a497ee35f72a0a5335dffbb278b51b
      MD5 checksum: 74ff9c4fdfd1ddff35d229b40389526f
      MD5 checksum: ce136a323408024afeefd44d71bfa07f
      MD5 checksum: 18ce8da1e51051009548bcf15e9f22c1
      MD5 checksum: 06eaf7f5e580db16bfe6e49ba3f7178e
      MD5 checksum: d783e965c9975a1418cbf24f2c018cf6
      MD5 checksum: b872b9749ee4a7f5e41d2561968185ec
      MD5 checksum: 9519673f1a4f3cd9e6072aed47571706
      MD5 checksum: f697b67a799e4f8a0a52dafad453952e
      MD5 checksum: 623b94d44c924f2caeaf38dc4c241c47
      MD5 checksum: 6427a5b1cec363442b85378dca2068c2
      MD5 checksum: 27409fdf4877b7fe148d699fc0e0c513
      MD5 checksum: 25da562776c6723d9e6ce9e1d596da55
      MD5 checksum: 3f6608677722ecde60038738a5230f15
      MD5 checksum: 57b7591a9e024f8bf8deac95ee266ca7
      MD5 checksum: a9f0c424781738f0486d0b83f96b9501
      MD5 checksum: 388459a9353a97e46eb791dfcf5db4c3
      MD5 checksum: 1528dffc6b361dd3636f74cb674a352f
      MD5 checksum: 26ead1ce5f3d9cb28411b1f91853fca5

  Motorola 680x0 architecture:
      MD5 checksum: f738bf60fabff9ff79f08c9e26c78f29
      MD5 checksum: 2ada0cf7129796cc9225c8853a1d073d
      MD5 checksum: b61f66b80f10cd4d6761e76d837457ba
      MD5 checksum: 265120fac62de3c4702c1ff13407128a
      MD5 checksum: 015a0b89dccac3bcfbb8250e560e5499
      MD5 checksum: a84a25672d154b84ced76d1bb329927b
      MD5 checksum: 977268a5705ea6e20f74c111d16af478
      MD5 checksum: 65021da88ed93caf16f0b45ac8bea916
      MD5 checksum: 6ff5aaed2f6a503e61c07a3116beaacd
      MD5 checksum: d3a2a47c6299ca0d324e9674ec97bb10
      MD5 checksum: 578c0d9324b64954f35fd4bd37e29d8a
      MD5 checksum: df41c6d37b070970338bedbca5fc85df
      MD5 checksum: 7f2b537a990d333a306ded9da5b4d5c6
      MD5 checksum: fd8adf192deb2991f742ad3aa4680b1c
      MD5 checksum: 409477b06261ff072fdd2dbc0ff897db
      MD5 checksum: 4244ee22e56cbacfaf98cb0d0be7bdf4
      MD5 checksum: 47aefa07233b90a252c91890e45c7d8c
      MD5 checksum: 0d42a6c597dfd29c2f2e23574333fce4
      MD5 checksum: de4e186fcc2ce5506b448ca2114b7f3b
      MD5 checksum: 47f3196abd592474d92234317743cf15
      MD5 checksum: 904fdf57b6f69521f01114506c2bbb72

  PowerPC architecture:
      MD5 checksum: 82f82afc3dc07386e6de6e48d36e2602
      MD5 checksum: e3b3ba148a4c7bd216d6d53b6359597c
      MD5 checksum: ba49214a443a0d1f7aba7355a36cd61e
      MD5 checksum: 9cab2a6fc9b39ddc7620054643934138
      MD5 checksum: d89ca687aa43d812f1034eac57237018
      MD5 checksum: c457fb8f71419d0bc6e8320984440ef7
      MD5 checksum: 0e5f92ae3cffbc36a8fb36bccbf665f0
      MD5 checksum: 096ed7d71dd9a47a18ecbf797e9f76df
      MD5 checksum: 6d8b207895e140f93b1c21d811a2b914
      MD5 checksum: ad45ca5aa800eefb413f3cfeaa4ff539
      MD5 checksum: 5ad19d86615ea06ed366bbbd594f4420
      MD5 checksum: d8ee51d95b9349b108e27576f3ccde2f
      MD5 checksum: 9106297857457937832582877c08878b
      MD5 checksum: 30cea605882bde7ab106d8c341703151
      MD5 checksum: f85e9b168874e56917a57ab7b2b44e2e
      MD5 checksum: 498d82447752aaf0eb3953a995514a7c
      MD5 checksum: 82a4f1df0a762bdca352643c9253d229
      MD5 checksum: 6049f7a8d74a6e3c8d3c2c25e7254ebd
      MD5 checksum: 1dc286aaa3b9f439d24527be4813ad1c
      MD5 checksum: a13081289f79a4516c76c8bc4a4badc2
      MD5 checksum: b5582aadc3b2469201dd4c51543ee811

  Sun Sparc architecture:
      MD5 checksum: b4ef31bb148e4d8ce6e1fec71e8f432a
      MD5 checksum: 0e1e649e00838f6f79a45340a2eed64d
      MD5 checksum: f867fdf0d1f0af24c0b3037d53a11984
      MD5 checksum: 1f15607b7791274be01797aa752d59e3
      MD5 checksum: e14379467b151693ff20101ab985e030
      MD5 checksum: eecfdb9d5d52ff4e7f23d3f7ea2f8db4
      MD5 checksum: 3497a5f7a1689da6a77c8568c1d357df
      MD5 checksum: 6669bee0a5a5729080de9f5b5ba27fe2
      MD5 checksum: 3e5a0eed3823ebc6031ff060bc460d94
      MD5 checksum: e58049ebc9751b3236a4cb0d4d84ccb8
      MD5 checksum: 93df51885ea61b78fc989e4e8060895a
      MD5 checksum: b5d831eb746ccb75ceadc624a4b569e8
      MD5 checksum: 4fe1d6f4a2ed9720663a1aa8f9c99bd3
      MD5 checksum: 503fbbe53e202746e02a7b3c02412478
      MD5 checksum: 364beab8ec14487043a7003afb128fb1
      MD5 checksum: 80c525ea0b007ff11b9170d0ad554473
      MD5 checksum: baaa21f47f76ebb42a512d9679192dab
      MD5 checksum: 455fa856df0719d0c3364ddbdf0a039d
      MD5 checksum: 80880cffaeded7bb5639bbe85f482cb8
      MD5 checksum: 4c96a471e9b77e94f27022d555555f71
      MD5 checksum: 19fc0fe684dc8eb120475a47d9eabf24

Debian GNU/Linux Unstable alias woody
- -------------------------------------

  This version of Debian is not yet released.

  Fixes are currently available for Alpha and Intel ia32 in the Debian
  archives.  The stable packages listed above are also installable on
  current unstable systems.

- ----------------------------------------------------------------------------
For apt-get: deb stable/updates main
Mailing list:'>

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Feds Charged With Stealing Money During Silk Road Investigation
EFF questions US government's software flaw disclosure policy
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.