Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[USN-40-1] PHP vulnerabilities
From: Martin Pitt <martin.pitt () canonical com>
Date: Thu, 16 Dec 2004 18:26:55 +0100

===========================================================
Ubuntu Security Notice USN-40-1           December 16, 2004
php4 vulnerabilities
CAN-2004-1019, CAN-2004-1065
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libapache2-mod-php4
php4
php4-cgi

The problem can be corrected by upgrading the affected package to
version 4:4.3.8-3ubuntu7.1. After performing a standard system upgrade
you need to reload the PHP module in the webserver by executing

  sudo /etc/init.d/apache2 reload

to effect the necessary changes.

Details follow:

Stefan Esser reported several buffer overflows in PHP's variable unserializing
handling. These could allow an attacker to execute arbitrary code on the server
with the PHP interpreter's privileges by sending specially crafted input
strings (form data, cookie values, and similar).

Additionally, Ilia Alshanetsky discovered a buffer overflow in the
exif_read_data() function. Attackers could execute arbitrary code on the server
by sending a JPEG image with a very long "sectionname" value to PHP
applications that support image uploads.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.1.diff.gz
      Size/MD5:   610651 e966340847246b2191f23982664390ed
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.1.dsc
      Size/MD5:     1624 659779c771610d813c1f3a4aa580abc0
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8.orig.tar.gz
      Size/MD5:  4832570 dd69f8c89281f088eadf4ade3dbd39ee

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-dev_4.3.8-3ubuntu7.1_all.deb
      Size/MD5:   331236 de01a589c82ee9b4ab0386287487bc20
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-pear_4.3.8-3ubuntu7.1_all.deb
      Size/MD5:   332374 a68bc6c786b9afde950254ede5b6e5f7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.1_amd64.deb
      Size/MD5:  1687074 691eee396077c870a30fb238d9191862
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.1_amd64.deb
      Size/MD5:  3195360 c809b2db355a7bc84dec07f253aa10cf
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.1_amd64.deb
      Size/MD5:    17040 afc1817ea59b7b9ea456fc955594245b
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.1_amd64.deb
      Size/MD5:    40430 f75458e8cceb8ee81c89bb96f78eedd0
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.1_amd64.deb
      Size/MD5:    33494 a9855bcb2e9cd2af0ebcb557bb6d4380
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.1_amd64.deb
      Size/MD5:    21232 0698d1bc76347ba0cd982fc06f1bd0e8
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.1_amd64.deb
      Size/MD5:    18404 50319c698a92bc02ba400f0576d85691
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.1_amd64.deb
      Size/MD5:     7994 e195f98822655c7ca1cf144738502096
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.1_amd64.deb
      Size/MD5:    23112 d8cc467306a90d6c85cb7b07ca3a7a31
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.1_amd64.deb
      Size/MD5:    28324 c265f308ebdc7166189771574aef4ca4
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.1_amd64.deb
      Size/MD5:     7610 0044c60c1352ea2062305b9ad4e218f8
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.1_amd64.deb
      Size/MD5:    12968 18ef336bde0ab867e0e9ae1a9fef55b9
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.1_amd64.deb
      Size/MD5:    21508 1eaf9ea7357ea445a5836f2a9608560b
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.1_amd64.deb
      Size/MD5:    17244 b653332b01cdded019b98027e6271542
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.1_amd64.deb
      Size/MD5:  1703068 5a046adb9b630c9ffd2240b8f707399e

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.1_i386.deb
      Size/MD5:  1629472 f3a06742df44f2d61525ff6ad10a2118
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.1_i386.deb
      Size/MD5:  3042316 3e47ad3d3e214cab1864c7338d999bf7
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.1_i386.deb
      Size/MD5:    16596 e94769b268e370ce703a3034dca26a29
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.1_i386.deb
      Size/MD5:    35556 2a0e1e904e6e94b77ff50e55519c2091
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.1_i386.deb
      Size/MD5:    31072 bfcb31da78652ef4a903fea15cde2f6f
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.1_i386.deb
      Size/MD5:    19474 612fc6968c909cfe4d234c3785ddfe57
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.1_i386.deb
      Size/MD5:    17052 d555c32361241f8b077a2d48a7f2df75
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.1_i386.deb
      Size/MD5:     7736 e976e52ee818f267b19694b394296738
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.1_i386.deb
      Size/MD5:    20902 a10de406012b814358414c98c721e011
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.1_i386.deb
      Size/MD5:    26062 df8df48148e63e3e77eb5559a9bf5bbc
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.1_i386.deb
      Size/MD5:     7374 14304803fd0c2363ebe2dbf4effc4aeb
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.1_i386.deb
      Size/MD5:    12316 4147ba0de6f7fb75cc54f94a92a9158d
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.1_i386.deb
      Size/MD5:    20010 ebb83d15f0dd57dfbc8c84d4714b8ef7
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.1_i386.deb
      Size/MD5:    15878 4014ffe19c87776268de3446ba285e71
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.1_i386.deb
      Size/MD5:  1643914 68eea9ea59d35b35cb949a406de5c9b9

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.1_powerpc.deb
      Size/MD5:  1689302 807531344823fc9a286b5ae7511020fe
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.1_powerpc.deb
      Size/MD5:  3202090 66d309045f186a07c886d061440d5e21
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.1_powerpc.deb
      Size/MD5:    18870 e8eb9726de46eb207ac41a992bf9a4c8
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.1_powerpc.deb
      Size/MD5:    38284 0d3392f73734f400f1934f28f2252eaf
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.1_powerpc.deb
      Size/MD5:    34002 dbc5e62935b72f8fa6f7b80206ca66ae
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.1_powerpc.deb
      Size/MD5:    21474 818192591970cbbfe93e5d30db622030
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.1_powerpc.deb
      Size/MD5:    19310 f5d749f3b0a1371d8f59e036bd9cb50d
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.1_powerpc.deb
      Size/MD5:     9314 165fec2b86b60d646d176df101116e2c
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.1_powerpc.deb
      Size/MD5:    22680 d2aebe8f3db956a56dc5d02c9821df77
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.1_powerpc.deb
      Size/MD5:    28402 f4e126be6945934a6b9aa7c92b523087
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.1_powerpc.deb
      Size/MD5:     8994 3edf33dd1e41c0f0e438144039f009ea
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.1_powerpc.deb
      Size/MD5:    14328 8d0b9fa752c930cbc77602b4869a22df
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.1_powerpc.deb
      Size/MD5:    22194 df61118cb96d51d0c7ba65604a8ba92d
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.1_powerpc.deb
      Size/MD5:    18058 eecac94a928382539ee0028e6cd80434
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.1_powerpc.deb
      Size/MD5:  1706958 da15f0cf0899b91fea48125d08dfc912

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
  • [USN-40-1] PHP vulnerabilities Martin Pitt (Dec 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault