Several vulnerabilities were found and fixed in PHP, ranging from an
information leak and a safe_mode restriction bypass to a potential remote
execution of arbitrary code.
Назначение
PHP is a general-purpose scripting language widely used to develop
web-based applications. It can run inside a web server using the
mod_php module or the CGI version of PHP, or can run stand-alone in a
CLI.
Stefan Esser and Marcus Boerger reported several different issues in
the unserialize() function, including serious exploitable bugs in the
way it handles negative references (CAN-2004-1019).
Stefan Esser also discovered that the pack() and unpack() functions are
subject to integer overflows that can lead to a heap buffer overflow
and a heap information leak. Finally, he found that the way
multithreaded PHP handles safe_mode_exec_dir restrictions can be
bypassed, and that various path truncation issues also allow to bypass
path and safe_mode restrictions.
Ilia Alshanetsky found a stack overflow issue in the exif_read_data()
function (CAN-2004-1065). Finally, Daniel Fabian found that addslashes
and magic_quotes_gpc do not properly escape null characters and that
magic_quotes_gpc contains a bug that could lead to one level directory
traversal.
Воздействие
These issues could be exploited by a remote attacker to retrieve web
server heap information, bypass safe_mode or path restrictions and
potentially execute arbitrary code with the rights of the web server
running a PHP application.
Обход
There is no known workaround at this time.
Решение
All PHP users should upgrade to the latest version:
Безопасность является одной из главных задач Gentoo Linux и первостепенное значение обеспечить конфиденциальность и безопасность машин наших пользователей. Любые соображения безопасности должны быть адресованы security@gentoo.org или в качестве альтернативы, вы можете сообщить об ошибке на https://bugs.gentoo.org.
Лицензия
Copyright 2010 Gentoo Foundation, Inc; текст ссылки принадлежит его владельцу(ам). Содержание этого документа распространяется на условиях лицензии Creative Commons - Attribution / Share Alike.