[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] php remote exploit

Topic
=====
PHP versions earlier than 4.1.0 contain a vulnerability that could allow
arbitrary commands to be executed.

Problem Description
===================
PHP is an HTML-embedded scripting language commonly used with Apache. PHP
versions 4.0.5 through 4.1.0 in safe mode do not properly cleanse
the 5th parameter to the mail() function. This vulnerability allows local
users and possibly remote attackers to execute arbitrary commands via shell
metacharacters.

Affected Systems
================
php versions between 4.0.5 to 4.1.0 (both included)

Solution
========
upgrade to version 4.1.1 or later (or patched version for your distribution).

RedHat (general)
----------------
This PHP errata enforces memory limits on the size of the PHP process to
prevent a badly generated script from becoming a possible source for a
denial of service attack. The default process size is 8Mb though you can
adjust this as you deem necessary thought the php.ini directive
memory_limit. For example, to change the process memory limit to 4MB, add
the following:

memory_limit 4194304

Please note that the /etc/php.ini configuration file is not replaced or
overwritten. You should carefully review your configuration file and adapt
it to your server or service functions.

RedHat 7.0
----------
rpm -Fvh php-4.1.2-7.0.3.i386.rpm \
         php-manual-4.1.2-7.0.3.i386.rpm \
         php-odbc-4.1.2-7.0.3.i386.rpm \
         php-imap-4.1.2-7.0.3.i386.rpm \
         php-mysql-4.1.2-7.0.3.i386.rpm \
         php-devel-4.1.2-7.0.3.i386.rpm \
         php-snmp-4.1.2-7.0.3.i386.rpm \
         php-ldap-4.1.2-7.0.3.i386.rpm \
         php-pgsql-4.1.2-7.0.3.i386.rpm

RedHat 7.1
----------
rpm -Fvh php-4.1.2-7.1.3.i386.rpm \
         php-manual-4.1.2-7.1.3.i386.rpm \
         php-odbc-4.1.2-7.1.3.i386.rpm \
         php-imap-4.1.2-7.1.3.i386.rpm \
         php-mysql-4.1.2-7.1.3.i386.rpm \
         php-devel-4.1.2-7.1.3.i386.rpm \
         php-snmp-4.1.2-7.1.3.i386.rpm \
         php-ldap-4.1.2-7.1.3.i386.rpm \
         php-pgsql-4.1.2-7.1.3.i386.rpm

RedHat 7.2
----------
rpm -Fvh php-4.1.2-7.2.3.i386.rpm \
         php-manual-4.1.2-7.2.3.i386.rpm \
         php-odbc-4.1.2-7.2.3.i386.rpm \
         php-imap-4.1.2-7.2.3.i386.rpm \
         php-mysql-4.1.2-7.2.3.i386.rpm \
         php-devel-4.1.2-7.2.3.i386.rpm \
         php-snmp-4.1.2-7.2.3.i386.rpm \
         php-ldap-4.1.2-7.2.3.i386.rpm \
         php-pgsql-4.1.2-7.2.3.i386.rpm

RedHat 7.3
----------
rpm -Fvh php-4.1.2-7.3.3.i386.rpm \
         php-manual-4.1.2-7.3.3.i386.rpm \
         php-odbc-4.1.2-7.3.3.i386.rpm \
         php-imap-4.1.2-7.3.3.i386.rpm \
         php-mysql-4.1.2-7.3.3.i386.rpm \
         php-devel-4.1.2-7.3.3.i386.rpm \
         php-snmp-4.1.2-7.3.3.i386.rpm \
         php-ldap-4.1.2-7.3.3.i386.rpm \
         php-pgsql-4.1.2-7.3.3.i386.rpm