lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030304140111.A19790@sco.com>
From: security at caldera.com (security@...dera.com)
Subject: Security Update: [CSSA-2003-008.0] Linux: php bypass safe_mode and injected control chars vulnerabilities

To: bugtraq@...urityfocus.com announce@...ts.caldera.com security-alerts@...uxsecurity.com full-disclosure@...ts.netsys.com

______________________________________________________________________________

			SCO Security Advisory

Subject:		Linux: php bypass safe_mode and injected control chars vulnerabilities
Advisory number: 	CSSA-2003-008.0
Issue date: 		2003 March 04
Cross reference:
______________________________________________________________________________


1. Problem Description

	Two vulnerabilities exists in the mail() PHP function. The
	first one allows execution of any program/script, bypassing the
	safe_mode restriction. The second one may allow an open-relay
	if the mail() function is not carefully used in PHP scripts.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to php-4.0.6-4.i386.rpm
					prior to php-doc-4.0.6-4.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to php-4.0.6-4.i386.rpm
					prior to php-doc-4.0.6-4.i386.rpm

	OpenLinux 3.1 Server		prior to php-4.0.6-4.i386.rpm
					prior to php-doc-4.0.6-4.i386.rpm

	OpenLinux 3.1 Workstation	prior to php-4.0.6-4.i386.rpm
					prior to php-doc-4.0.6-4.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-008.0/RPMS

	4.2 Packages

	3305349cfaa56ff000040fbd46aad75c	php-4.0.6-4.i386.rpm
	59fa343b3e83a7957e98c719db572a5d	php-doc-4.0.6-4.i386.rpm

	4.3 Installation

	rpm -Fvh php-4.0.6-4.i386.rpm
	rpm -Fvh php-doc-4.0.6-4.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-008.0/SRPMS

	4.5 Source Packages

	729a94e120ea86a4c09acd270709bd47	php-4.0.6-4.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-008.0/RPMS

	5.2 Packages

	c64b972a1e97c18636bbe9767c69c542	php-4.0.6-4.i386.rpm
	b84a833bc7ff1b9c1938e316c59cb0e8	php-doc-4.0.6-4.i386.rpm

	5.3 Installation

	rpm -Fvh php-4.0.6-4.i386.rpm
	rpm -Fvh php-doc-4.0.6-4.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-008.0/SRPMS

	5.5 Source Packages

	80c8ef35bb4416a3799035de440150ae	php-4.0.6-4.src.rpm


6. OpenLinux 3.1 Server

	6.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-008.0/RPMS

	6.2 Packages

	9dfabdbf0ed7587128a549d49f0b159f	php-4.0.6-4.i386.rpm
	afbb47367cbcd3494745f18645c679e9	php-doc-4.0.6-4.i386.rpm

	6.3 Installation

	rpm -Fvh php-4.0.6-4.i386.rpm
	rpm -Fvh php-doc-4.0.6-4.i386.rpm

	6.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-008.0/SRPMS

	6.5 Source Packages

	3702bf59800706ff708a2334b4633aad	php-4.0.6-4.src.rpm


7. OpenLinux 3.1 Workstation

	7.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-008.0/RPMS

	7.2 Packages

	83903709a1609108661fff65a58b439f	php-4.0.6-4.i386.rpm
	490332531b9d84e2216313fd0b3c8e28	php-doc-4.0.6-4.i386.rpm

	7.3 Installation

	rpm -Fvh php-4.0.6-4.i386.rpm
	rpm -Fvh php-doc-4.0.6-4.i386.rpm

	7.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-008.0/SRPMS

	7.5 Source Packages

	243e3ed64dc55a019832710583ff461f	php-4.0.6-4.src.rpm


8. References

	Specific references for this advisory:

		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0986
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0985

	SCO security resources:

		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr868616, fz525966,
	erg712114.


9. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


10. Acknowledgements

	Wojciech Purczynski <cliph@...c.pl> discovered and investigated
	these vulnerabilities.

______________________________________________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 237 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030304/8a8bede4/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ