[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050318142228.GA23644@box79162.elkhouse.de>
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-99-1] PHP4 vulnerabilities
===========================================================
Ubuntu Security Notice USN-99-1 March 18, 2005
php4 vulnerabilities
CAN-2004-1018, CAN-2004-1063, CAN-2004-1064
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
libapache2-mod-php4
php4-cgi
The problem can be corrected by upgrading the affected package to
version 4:4.3.8-3ubuntu7.5. In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
Stefano Di Paola discovered integer overflows in PHP's pack() and
unpack() functions. A malicious PHP script could exploit these to
break out of safe mode and execute arbitrary code with the privileges
of the PHP interpreter. (CAN-2004-1018)
Note: The second part of CAN-2004-1018 (buffer overflow in the
shmop_write() function) was already fixed in USN-66-1.
Stefan Esser discovered two safe mode bypasses which allowed malicious
PHP scripts to circumvent path restrictions. This was possible by
either using virtual_popen() with a current directory containing shell
metacharacters (CAN-2004-1063) or creating a specially crafted
directory whose length exceeded the capacity of the realpath()
function (CAN-2004-1064).
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.5.diff.gz
Size/MD5: 613179 4d3220fdf142ea4452d63b5b43a6f4e6
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.5.dsc
Size/MD5: 1624 8f446c2c0955eaea56216d88e36d5497
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8.orig.tar.gz
Size/MD5: 4832570 dd69f8c89281f088eadf4ade3dbd39ee
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-dev_4.3.8-3ubuntu7.5_all.deb
Size/MD5: 331892 979ce58b4a015422260867e593519cff
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-pear_4.3.8-3ubuntu7.5_all.deb
Size/MD5: 89336 6a2e16d473d1de97d52755a1ddae77df
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.5_amd64.deb
Size/MD5: 1688216 e64c541115ecda5eea3c85b0f062d22d
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.5_amd64.deb
Size/MD5: 3197308 e3c7a9349bf7a04d0307a83bd920c5c4
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.5_amd64.deb
Size/MD5: 17286 faa85f567ff400564c117c59b5babe3b
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.5_amd64.deb
Size/MD5: 40430 69501c96def30bd38769dcf7fcd6eb27
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.5_amd64.deb
Size/MD5: 33490 b930a1cebaa93630e3a549075be7b67e
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.5_amd64.deb
Size/MD5: 21232 5769905c83001d4d165a2a82a72826ae
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.5_amd64.deb
Size/MD5: 18406 2b5ffcb4d7a3e02c9b81d99f8bfee6ba
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.5_amd64.deb
Size/MD5: 7992 10a13e81ceaff20dc4d5efac30e2a486
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.5_amd64.deb
Size/MD5: 23106 e435d0905882d980bea64b85b84ff014
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.5_amd64.deb
Size/MD5: 28322 00f257d6dba08df74350873b6e1709ce
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.5_amd64.deb
Size/MD5: 7618 bf717cde4c85379c45b7d0518545d5a3
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.5_amd64.deb
Size/MD5: 12970 e385f9b9eb1717acac5ccfdccda4c590
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.5_amd64.deb
Size/MD5: 21498 7b7bf6fdc33cfdd0c637459aedc49121
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.5_amd64.deb
Size/MD5: 17246 fc4bf834225eecee09fe087596beede3
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.5_amd64.deb
Size/MD5: 1704376 39926df0c6ebc4839a4c950cdea80e21
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.5_i386.deb
Size/MD5: 1630396 1086838fbd5631524e4d1812312a3d24
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.5_i386.deb
Size/MD5: 3043776 3d09d579e2ec489eef002408e5955aa2
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.5_i386.deb
Size/MD5: 16858 773be934d2f6ccc78633b4d6b5eb8d96
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.5_i386.deb
Size/MD5: 35558 5b31c650f982128e3cda90b7feca06da
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.5_i386.deb
Size/MD5: 31062 98c989bd796931f320aaa948965fddbb
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.5_i386.deb
Size/MD5: 19474 95a3bd09fb5dae2a0db345f7cfe93ed4
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.5_i386.deb
Size/MD5: 17044 7e145ce46f1899ca198cf9013255a0a9
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.5_i386.deb
Size/MD5: 7738 e9267a6e8414576a87a626536d4babdf
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.5_i386.deb
Size/MD5: 20904 5b26b94d7d43960126bbf608f32057b5
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.5_i386.deb
Size/MD5: 26066 8e1fb222a468ed17514aa555cd46a2f0
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.5_i386.deb
Size/MD5: 7366 b5ac4f6072f7d64fd01335987cbbda45
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.5_i386.deb
Size/MD5: 12318 b9ce2a6d16379822d53447ff18ea8e2f
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.5_i386.deb
Size/MD5: 20012 7c36e00fe43456d0417f7b6235483623
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.5_i386.deb
Size/MD5: 15876 59b8feac4af347302ed527d36609f369
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.5_i386.deb
Size/MD5: 1645060 2c9f34ab1d402b319e069d089ffa7875
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.5_powerpc.deb
Size/MD5: 1690268 4c47e5797f742e69dc6839e31b69e181
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.5_powerpc.deb
Size/MD5: 3203256 21585ecca8f9805d3bf4ccbe508ad482
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.5_powerpc.deb
Size/MD5: 19110 042cda097407ec76232cc8d672f1c1ca
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.5_powerpc.deb
Size/MD5: 38282 8f6adf4576340c7b4bd78b46bbcd4167
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.5_powerpc.deb
Size/MD5: 34008 e9585d3e01afdaa4b7afe64f1e88c1a3
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.5_powerpc.deb
Size/MD5: 21474 6ca70e134438cc249eb200d295832116
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.5_powerpc.deb
Size/MD5: 19304 1905b529e355fc15cca77585627aeaab
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.5_powerpc.deb
Size/MD5: 9326 70eee9f85d8c8acaddd0659d576eb271
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.5_powerpc.deb
Size/MD5: 22690 4da53be0826249c7141ac58752ebe45a
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.5_powerpc.deb
Size/MD5: 28404 912be09d3247d60e9d83a4bf31009a1e
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.5_powerpc.deb
Size/MD5: 9008 b1bf15d490ebf266d2ce25f4f7f7a59a
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.5_powerpc.deb
Size/MD5: 14326 5f5248d3f08d054aa5d833e3bb06fa25
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.5_powerpc.deb
Size/MD5: 22198 79ecda1201c7c9a5ad7d708859f48dca
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.5_powerpc.deb
Size/MD5: 18062 8ec53737f729a13487c213d2cf7a62f3
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.5_powerpc.deb
Size/MD5: 1707730 cdb0f8872816ad3cacbd48368dec273f
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050318/1ed262da/attachment.bin
Powered by blists - more mailing lists