1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200410-04 / PHP |
| Release Date | October 06, 2004 |
| Latest Revision | October 06, 2004: 01 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| dev-php/php | < 4.3.9 | >= 4.3.9 | All supported architectures |
| dev-php/mod_php | < 4.3.9 | >= 4.3.9 | All supported architectures |
| dev-php/php-cgi | < 4.3.9 | >= 4.3.9 | All supported architectures |
Related bugreports: #64223
Two bugs in PHP may allow the disclosure of portions of memory and allow remote attackers to upload files to arbitrary locations.
PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the mod_php module or the CGI version of PHP, or can run stand-alone in a CLI.
Stefano Di Paola discovered two bugs in PHP. The first is a parse error in php_variables.c that could allow a remote attacker to view the contents of the target machine's memory. Additionally, an array processing error in the SAPI_POST_HANDLER_FUNC() function inside rfc1867.c could lead to the $_FILES array being overwritten.
A remote attacker could exploit the first vulnerability to view memory contents. On a server with a script that provides file uploads, an attacker could exploit the second vulnerability to upload files to an arbitrary location. On systems where the HTTP server is allowed to write in an HTTP-accessible location, this could lead to remote execution of arbitrary commands with the rights of the HTTP server.
There is no known workaround at this time.
All PHP, mod_php and php-cgi users should upgrade to the latest stable version:
Code Listing 3.1: Resolution

    # emerge sync
    # emerge -pv ">=dev-php/php-4.3.9"
    # emerge ">=dev-php/php-4.3.9"
    # emerge -pv ">=dev-php/mod_php-4.3.9"
    # emerge ">=dev-php/mod_php-4.3.9"
    # emerge -pv ">=dev-php/php-cgi-4.3.9"
    # emerge ">=dev-php/php-cgi-4.3.9"
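To confirm which hosts still need the upgrade, the following added example (not part of the advisory or of Gentoo's tooling) classifies `category/name-version` atoms against the affected-package table above. The function names `ver_lt` and `glsa_status` are hypothetical, the sample atoms are constructed, and the comparison assumes dotted numeric versions with an optional Gentoo pre-release suffix or `-rN` revision, which is a simplification of Portage's full version ordering.

```shell
#!/bin/sh
# Added example (not from the advisory): classify "category/name-version"
# atoms against the affected-package table of GLSA 200410-04.
FIXED=4.3.9   # first unaffected version for all three packages (from the table)

# ver_lt A B: succeed when dotted numeric version A sorts before B.
ver_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# glsa_status ATOM: print vulnerable, unaffected or not-listed.
glsa_status() {
    atom=${1%-r[0-9]*}            # drop a Gentoo revision such as -r1
    name=${atom%-*}; pv=${atom##*-}
    base=${pv%%_*}; suffix=${pv#"$base"}
    case $name in
        dev-php/php|dev-php/mod_php|dev-php/php-cgi) ;;
        *) echo not-listed; return 0 ;;
    esac
    if ver_lt "$base" "$FIXED"; then echo vulnerable
    elif ver_lt "$FIXED" "$base"; then echo unaffected
    else
        # Same numeric version: pre-release suffixes sort before the release.
        case $suffix in
            _alpha*|_beta*|_pre*|_rc*) echo vulnerable ;;
            *) echo unaffected ;;
        esac
    fi
}

# Constructed sample atoms, not taken from a real system.
for sample in dev-php/php-4.3.8-r1 dev-php/mod_php-4.3.9 \
              dev-php/php-cgi-4.3.9_rc1 dev-php/php-5.0.2 \
              www-servers/apache-2.0.51; do
    printf '%-32s %s\n' "$sample" "$(glsa_status "$sample")"
done
```

Any atom reported as `vulnerable` is covered by the resolution commands above; `not-listed` means the package is outside the scope of this advisory, not that it is safe.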