[imp] To all those .... BUT Becareful with PHP < 4.1.2 !

Nicolas Foucou foucou@cdc.u-cergy.fr
Tue, 02 Apr 2002 20:07:09 +0200


I think so, they said that on the referenced links I gave!

But sure, I'm waiting for PHP 4.2 :-D

Don't panic and update... for now it's the only way to go!

Nico

jeremy wrote:

> 4.1.2 is okay tho right???
>
> ----- Original Message -----
> From: "Nicolas Foucou" <foucou@cdc.u-cergy.fr>
> To: <imp@lists.horde.org>
> Sent: Tuesday, April 02, 2002 9:29 AM
> Subject: Re: [imp] To all those .... BUT Becareful with PHP < 4.1.2 !
>
> > Just to note that there is a vulnerability in PHP. Users of PHP < 4.1.2
> > have to update their packages:
> >
> > 1. Topic:
> >
> > Updated PHP packages are available to fix vulnerabilities in the functions
> > that parse multipart MIME data, which are used when uploading files
> > through forms.
> >
> > This revised advisory contains updated packages for Red Hat Linux 7, 7.1,
> > and 7.2.
> >
> > 2. Relevant releases/architectures:
> >
> > Red Hat Linux 6.2 - alpha, i386, sparc
> >
> > Red Hat Linux 7.0 - alpha, i386
> >
> > Red Hat Linux 7.1 - alpha, i386, ia64
> >
> > Red Hat Linux 7.2 - i386, ia64, s390
> >
> > 3. Problem description:
> >
> > PHP is an HTML-embeddable scripting language.  A number of flaws have been
> > found in the way PHP handles multipart/form-data POST requests.  Each of
> > these flaws could allow an attacker to execute arbitrary code on the
> > remote system.
> >
> > PHP 3.10-3.18 contains a broken boundary check (hard to exploit) and an
> > arbitrary heap overflow (easy to exploit).  These versions of PHP were
> > shipped with Red Hat Linux 6.2.
> >
> > PHP 4.0.1-4.0.3pl1 contains a broken boundary check (hard to exploit) and
> > a heap-off-by-one (easy to exploit).  These versions of PHP were shipped
> > with Red Hat Linux 7.0.
> >
> > PHP 4.0.2-4.0.5 contains two broken boundary checks (one very easy and one
> > hard to exploit).  These versions of PHP were shipped with Red Hat Linux
> > 7.1 and as erratas to 7.0.
> >
> > PHP 4.0.6-4.0.7RC2 contains a broken boundary check (very easy to
> > exploit).  These versions of PHP were shipped with Red Hat Linux 7.2
> >
> > The Common Vulnerabilities and Exposures project (cve.mitre.org) has
> > assigned the name CAN-2002-0081 to this issue.
> >
> > If you are running PHP 4.0.3 or above, one way to work around these bugs
> > is to disable the fileupload support within your php.ini file (by setting
> > file_uploads = Off).
> >
> > All users of PHP are advised to immediately upgrade to these errata
> > packages which close these vulnerabilities.
> >
> > A previous version of this erratum included a version of the MySQL
> > extension which was compiled with an incorrect default pathname for the
> > socket used to connect to database servers residing on the local host.
> >
> > This setting corresponds to the mysql.default_socket setting in the
> > /etc/php.ini file, and can also be corrected there.
> >
> >
> > 8. References:
> >
> > http://security.e-matters.de/advisories/012002.html
> > http://www.kb.cert.org/vuls/id/297363
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0081
> >
> > Good luck and take care :)
> >
> > Nico
> >
> > Andrew Moss wrote:
> >
> > > Check the following setting in your PHP.ini
> > >
> > > The file_uploads in my php.ini was off and this is used to send the message and add attachments.
> > >
> > > I found this by turning all logging on in php.  Please remember to restart your webserver once you have made this change
> > >
> > > ;;;;;;;;;;;;;;;;
> > > ; File Uploads ;
> > > ;;;;;;;;;;;;;;;;
> > >
> > > ; Whether to allow HTTP file uploads.
> > > file_uploads = On
> > >
> > > ; Temporary directory for HTTP uploaded files (will use system default
> > > ; if not specified).
> > > ;upload_tmp_dir =
> > >
> > > ; Maximum allowed size for uploaded files.
> > > upload_max_filesize = 2M
> > >
> > > cheers
> > >
> > > AM
> >
> > --
> > Nicolas Foucou - Nicolas.Foucou@cdc.u-cergy.fr
> > Centre de Calcul - Université de Cergy-Pontoise
> > Rue d'Eragny - Neuville sur Oise - 95031 Cergy-Pontoise Cedex
> > Tel. 01 34 25 70 99 - Fax. 01 34 25 70 04
> >
> >
> >
>

--
Nicolas Foucou - Nicolas.Foucou@cdc.u-cergy.fr
Centre de Calcul - Université de Cergy-Pontoise
Rue d'Eragny - Neuville sur Oise - 95031 Cergy-Pontoise Cedex
Tel. 01 34 25 70 99 - Fax. 01 34 25 70 04
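
The triage the quoted advisory implies, as an added example that is not part of any message in this thread and not Red Hat's or Horde's code: classify a host from its PHP version and the `file_uploads` value in php.ini. The helper names are hypothetical, and it assumes upstream version strings (a distribution's errata package may carry the fix under an older version number) and 4.1.2 as the first fixed release, as discussed in the thread.

```shell
# Added example (hypothetical helper names): triage for CAN-2002-0081 from an
# upstream PHP version string and the file_uploads value in php.ini.

# Return 0 if version $1 >= version $2. Suffixes such as "pl1" or "RC2" are
# dropped before comparing, which is enough for the two thresholds used here.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        sub(/[^0-9.].*$/, "", a); sub(/[^0-9.].*$/, "", b)
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print "on" or "off" for the last uncommented file_uploads assignment in ini
# file $1; an absent directive counts as "on" (PHP's built-in default).
file_uploads_state() {
    awk -F= '
        /^[ \t]*;/ { next }                      # skip comment lines
        $1 ~ /^[ \t]*file_uploads[ \t]*$/ {
            v = tolower($2)
            sub(/;.*$/, "", v)                   # drop a trailing comment
            gsub(/[ \t\r"]/, "", v)
            off = (v == "off" || v == "0" || v == "false" || v == "no" || v == "none" || v == "")
            state = off ? "off" : "on"
        }
        END { print (state == "" ? "on" : state) }
    ' "$1"
}

# exposure VERSION INI_FILE -> patched | mitigated | exposed
exposure() {
    if version_ge "$1" 4.1.2; then
        echo patched                             # fixed release, per the thread
    elif version_ge "$1" 4.0.3 && [ "$(file_uploads_state "$2")" = off ]; then
        echo mitigated                           # advisory workaround in effect
    else
        echo exposed                             # includes < 4.0.3: no such switch
    fi
}

# Constructed sample: the php.ini fragment quoted in the thread (uploads on).
demo_ini=$(mktemp)
printf '%s\n' '; Whether to allow HTTP file uploads.' 'file_uploads = On' > "$demo_ini"
exposure 4.0.6 "$demo_ini"
rm -f "$demo_ini"
```

A `mitigated` result means uploads are switched off, which, as Andrew Moss's message notes, also stops IMP from adding attachments.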


