
Re: [linux-security] php remote exploit (RedHat, Mandrake)



On Fri, Aug 23, 2002 at 03:36:50PM -0700, Martin Siegert wrote:
> Topic
> =====
> PHP versions earlier than 4.1.0 contain a vulnerability that could allow
> arbitrary commands to be executed.
> 
> Problem Description
> ===================
> PHP is an HTML-embedded scripting language commonly used with Apache. PHP
> versions 4.0.5 through 4.1.0 in safe mode do not properly cleanse
> the 5th parameter to the mail() function. This vulnerability allows local
> users and possibly remote attackers to execute arbitrary commands via shell
> metacharacters.
> 
> Affected Systems
> ================
> php versions between 4.0.5 and 4.1.0 (both included)
> 
> Solution
> ========
> upgrade to version 4.1.1 or later (or patched version for your distribution).
> 
> RedHat (general)
> ----------------
> This PHP errata enforces memory limits on the size of the PHP process to
> prevent a badly generated script from becoming a possible source for a
> denial of service attack. The default process size is 8Mb though you can
> adjust this as you deem necessary through the php.ini directive
> memory_limit. For example, to change the process memory limit to 4MB, add
> the following:
> 
> memory_limit 4194304
> 
> Please note that the /etc/php.ini configuration file is not replaced or
> overwritten. You should carefully review your configuration file and adapt
> it to your server or service functions.

RedHat Update:

The initial set of errata packages contained an incorrect set of
dependencies. This meant that a number of packages would need to be
installed before php that were not essential to the operation of php.
Updated packages listed below have corrected dependencies.

RedHat 7.0
----------
rpm -Fvh php-4.1.2-7.0.4.i386.rpm \
         php-manual-4.1.2-7.0.4.i386.rpm \
         php-odbc-4.1.2-7.0.4.i386.rpm \
         php-imap-4.1.2-7.0.4.i386.rpm \
         php-mysql-4.1.2-7.0.4.i386.rpm \
         php-devel-4.1.2-7.0.4.i386.rpm \
         php-snmp-4.1.2-7.0.4.i386.rpm \
         php-ldap-4.1.2-7.0.4.i386.rpm \
         php-pgsql-4.1.2-7.0.4.i386.rpm

RedHat 7.1
----------
rpm -Fvh php-4.1.2-7.1.4.i386.rpm \
         php-manual-4.1.2-7.1.4.i386.rpm \
         php-odbc-4.1.2-7.1.4.i386.rpm \
         php-imap-4.1.2-7.1.4.i386.rpm \
         php-mysql-4.1.2-7.1.4.i386.rpm \
         php-devel-4.1.2-7.1.4.i386.rpm \
         php-snmp-4.1.2-7.1.4.i386.rpm \
         php-ldap-4.1.2-7.1.4.i386.rpm \
         php-pgsql-4.1.2-7.1.4.i386.rpm

RedHat 7.2
----------
rpm -Fvh php-4.1.2-7.2.4.i386.rpm \
         php-manual-4.1.2-7.2.4.i386.rpm \
         php-odbc-4.1.2-7.2.4.i386.rpm \
         php-imap-4.1.2-7.2.4.i386.rpm \
         php-mysql-4.1.2-7.2.4.i386.rpm \
         php-devel-4.1.2-7.2.4.i386.rpm \
         php-snmp-4.1.2-7.2.4.i386.rpm \
         php-ldap-4.1.2-7.2.4.i386.rpm \
         php-pgsql-4.1.2-7.2.4.i386.rpm

RedHat 7.3
----------
rpm -Fvh php-4.1.2-7.3.4.i386.rpm \
         php-manual-4.1.2-7.3.4.i386.rpm \
         php-odbc-4.1.2-7.3.4.i386.rpm \
         php-imap-4.1.2-7.3.4.i386.rpm \
         php-mysql-4.1.2-7.3.4.i386.rpm \
         php-devel-4.1.2-7.3.4.i386.rpm \
         php-snmp-4.1.2-7.3.4.i386.rpm \
         php-ldap-4.1.2-7.3.4.i386.rpm \
         php-pgsql-4.1.2-7.3.4.i386.rpm

Mandrake 7.1
------------
rpm -Fvh php-4.0.6-6.4mdk.i586.rpm \
         php-common-4.0.6-6.4mdk.i586.rpm \
         php-devel-4.0.6-6.4mdk.i586.rpm

Mandrake 7.2
------------
rpm -Fvh php-4.0.6-6.3mdk.i586.rpm \
         php-common-4.0.6-6.3mdk.i586.rpm \
         php-devel-4.0.6-6.3mdk.i586.rpm

Mandrake 8.0
------------
rpm -Fvh php-4.0.6-6.2mdk.i586.rpm \
         php-common-4.0.6-6.2mdk.i586.rpm \
         php-devel-4.0.6-6.2mdk.i586.rpm

Mandrake 8.1
------------
rpm -Fvh php-4.0.6-6.1mdk.i586.rpm \
         php-common-4.0.6-6.1mdk.i586.rpm \
         php-devel-4.0.6-6.1mdk.i586.rpm
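
Added example, not part of the original message: a shell check that compares an installed php package's version-release against the fixed builds listed above. It compares the full version-release rather than the upstream version because the Mandrake updates listed keep version 4.0.6, which is inside the affected range as stated. The release labels (redhat-7.0, mandrake-8.1, ...) and function names are hypothetical, and GNU `sort -V` is assumed as an approximation of rpm's own version ordering.

```shell
#!/bin/sh
# Fixed php builds per release, copied from the package lists in the message.
# The release labels used as keys are made up for this example.
fixed_build() {
    case "$1" in
        redhat-7.0)   echo "4.1.2-7.0.4" ;;
        redhat-7.1)   echo "4.1.2-7.1.4" ;;
        redhat-7.2)   echo "4.1.2-7.2.4" ;;
        redhat-7.3)   echo "4.1.2-7.3.4" ;;
        mandrake-7.1) echo "4.0.6-6.4mdk" ;;
        mandrake-7.2) echo "4.0.6-6.3mdk" ;;
        mandrake-8.0) echo "4.0.6-6.2mdk" ;;
        mandrake-8.1) echo "4.0.6-6.1mdk" ;;
        *) return 1 ;;
    esac
}

# php_status RELEASE INSTALLED
#   RELEASE   one of the labels above
#   INSTALLED version-release of the installed package, e.g. the output of
#             rpm -q --qf '%{VERSION}-%{RELEASE}\n' php
# Prints "fixed", "needs-update" or "unknown-release".
php_status() {
    want=$(fixed_build "$1") || { echo "unknown-release"; return 0; }
    # The installed build is acceptable when the fixed build sorts first
    # (or the two are equal) under version ordering.
    lowest=$(printf '%s\n%s\n' "$want" "$2" | sort -V | head -n 1)
    if [ "$lowest" = "$want" ]; then
        echo "fixed"
    else
        echo "needs-update"
    fi
}

# Constructed sample inputs, not taken from a real host.
php_status redhat-7.2 4.1.2-7.2.4      # already at the listed build
php_status mandrake-8.1 4.0.6-5mdk     # same upstream version, older release
```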