
PHP Security Update

  • Dimitris Glezos
    Message 1 of 1 , Mar 4, 2002
      Quoting from www.php.net:

      > Due to a security issue found in all versions of PHP (including 3.x
      > and 4.x), a new version of PHP has been released. Details about the
      > security issue are available here. All users of PHP are strongly
      > encouraged to either upgrade to PHP 4.1.2, or install the patch
      > (available for PHP 3.0.18, 4.0.6 and 4.1.0/4.1.1).

      Quoting from http://security.e-matters.de/advisories/012002.html:

      > We found several flaws in the way PHP handles multipart/form-data
      > POST requests. Each of the flaws could allow an attacker to execute
      > arbitrary code on the victim's system.
      > Finally I want to mention that the boundary check vulnerabilities are
      > only exploitable on linux or solaris. The heap off by one is only
      > exploitable on linux(maybe solaris)x86 and the arbitrary heap overflow
      > in PHP3 is exploitable on most OS and architectures. (This includes
      > *BSD, Windows, Linux, Solaris)

      Patches can be found here: http://www.php.net/downloads.php


      Dimitris Glezos


      -
      High Performance Information Systems Laboratory
      Department of Computer Engineering and Informatics
      University of Patras, Greece (ceid.upatras.gr)
      ICQ: 9295964, PGP: 0xA72CC7DA

      "He who gives up functionality for ease of use
      loses both and deserves neither." (Anonymous)
      -