Red Hat: php Multiple vulnerabilities
Posted by LinuxSecurity.com Team   
Red Hat Linux patch resolves a memory_limit bug which allows execution of arbitrary code and a strip_tags bug which allows XSS (Cross Site Scripting).

Red Hat Security Advisory

Synopsis:          Updated php packages fix security issues
Advisory ID:       RHSA-2004:392-01
Issue date:        2004-07-19
Updated on:        2004-07-19
Product:           Red Hat Enterprise Linux
Cross references:  RHSA-2004:342
Obsoletes:         RHBA-2004:169
CVE Names:         CAN-2004-0594 CAN-2004-0595
---------------------------------------------------------------------

1. Summary:

Updated php packages that fix various security issues are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP server.

Stefan Esser discovered a flaw when memory_limit is enabled in versions of
PHP 4 before 4.3.8. If a remote attacker could force the PHP interpreter to
allocate more memory than the memory_limit setting before script execution
begins, then the attacker may be able to supply the contents of a PHP hash
table remotely. This hash table could then be used to execute arbitrary
code as the 'apache' user. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0594 to this issue.

This issue has a higher risk when PHP is running on an instance of Apache
which is vulnerable to CAN-2004-0493.  For Red Hat Enterprise Linux 3, this
Apache memory exhaustion issue was fixed by a previous update,
RHSA-2004:342.  It may also be possible to exploit this issue if using a
non-default PHP configuration with the "register_defaults" setting
changed to "On". Red Hat does not believe that this flaw is exploitable in
the default configuration of Red Hat Enterprise Linux 3.

Stefan Esser discovered a flaw in the strip_tags function in versions of
PHP before 4.3.8.  The strip_tags function is commonly used by PHP scripts
to prevent Cross-Site-Scripting attacks by removing HTML tags from
user-supplied form data.  By embedding NUL bytes into form data, HTML tags
can in some cases be passed intact through the strip_tags function, which
may allow a Cross-Site-Scripting attack.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0595 to
this issue.  

All users of PHP are advised to upgrade to these updated packages, which
contain backported patches that address these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

     http://www.redhat.com/docs/manuals/enterprise/
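
An added example (not part of the Red Hat advisory): a shell check that lists installed php packages still older than the fixed build 4.3.2-11.1.ent after the update. The function names, the sample package list and the use of GNU sort -V as a stand-in for rpm's own version comparison are assumptions.

```shell
#!/bin/sh
# Added example: flag php packages older than the fixed build in this advisory.
FIXED="4.3.2-11.1.ent"   # version-release taken from the advisory's package names

# Return 0 if version-release $1 sorts strictly before $2.
# Assumption: GNU `sort -V` approximates rpm's comparison for these strings.
is_older() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Read "name version-release" lines on stdin and print the php packages
# (php and php-* subpackages) that still need the update.
audit_php() {
    while read -r name vr; do
        case "$name" in
            php|php-*) is_older "$vr" "$FIXED" && echo "$name $vr" ;;
        esac
    done
    return 0
}

# Constructed sample of the output of:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE='php 4.3.2-8.ent
php-ldap 4.3.2-11.1.ent
php-mysql 4.3.2-11.ent
httpd 2.0.46-32.ent'

# Run the audit over the constructed sample.
audit_sample() {
    printf '%s\n' "$SAMPLE" | audit_php
}

# On a real host, pipe the rpm query above into audit_php instead.
audit_sample
```

An empty result means every installed php package is at or above the fixed build.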

5. Bug IDs fixed  (http://bugzilla.redhat.com/ for more info):

127642 - CAN-2004-0594 PHP memory_limit issue

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS: 
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/php-4.3.2-11.1.ent.src.rpm

Red Hat Desktop version 3:

SRPMS: 
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/php-4.3.2-11.1.ent.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: 
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/php-4.3.2-11.1.ent.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: 
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/php-4.3.2-11.1.ent.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0594 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0595

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.

 