exploit the possibilities

Mandriva Linux Security Advisory 2013-114

Mandriva Linux Security Advisory 2013-114
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-114 - ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity issue in the soap_xmlParseFile and soap_xmlParseMemory functions. Various other issues have also been addressed.

tags | advisory, remote, arbitrary, php, xxe
systems | linux, mandriva
advisories | CVE-2013-1635, CVE-2013-1643
MD5 | 378943423ebe5ac7cd59af97a036a630

Mandriva Linux Security Advisory 2013-114

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:114
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : php
Date : April 10, 2013
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been discovered and corrected in php:

ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not
validate the relationship between the soap.wsdl_cache_dir directive
and the open_basedir directive, which allows remote attackers to
bypass intended access restrictions by triggering the creation of
cached SOAP WSDL files in an arbitrary directory (CVE-2013-1635).

The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.13 allows
remote attackers to read arbitrary files via a SOAP WSDL file
containing an XML external entity declaration in conjunction with an
entity reference, related to an XML External Entity (XXE) issue in the
soap_xmlParseFile and soap_xmlParseMemory functions (CVE-2013-1643).

Backported upstream php bug #61930: "openssl corrupts ssl key resource
when using openssl_get_publickey\(\)" to php-5.3.x.

The new Powered by Mageia logo has been added to php, this is only
a cosmetic change.

The php-timezonedb package has been updated to the 2013.2 version.

The updated packages have been upgraded to the 5.3.23 version which
is not vulnerable to these issues.

Additionally, some packages which requires so has been rebuilt for
php-5.3.23.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1643
http://www.php.net/ChangeLog-5.php#5.3.21
http://www.php.net/ChangeLog-5.php#5.3.22
http://www.php.net/ChangeLog-5.php#5.3.23
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
eb6ccf6a13897bb2b4b30778f5ce7848 mbs1/x86_64/apache-mod_php-5.3.23-1.mbs1.x86_64.rpm
ee1fdaed1a91d6f74ca46600d3cb240a mbs1/x86_64/lib64php5_common5-5.3.23-1.mbs1.x86_64.rpm
c59afaf09a3ca2202f0d3e9620f93f92 mbs1/x86_64/php-apc-3.1.13-3.1.mbs1.x86_64.rpm
424ba242a62047e79bcbe6f70a36eec6 mbs1/x86_64/php-apc-admin-3.1.13-3.1.mbs1.x86_64.rpm
f139875e195d5c91b363ef392d60a3e9 mbs1/x86_64/php-bcmath-5.3.23-1.mbs1.x86_64.rpm
bc8a33e468888eba340ce69386f51c8f mbs1/x86_64/php-bz2-5.3.23-1.mbs1.x86_64.rpm
1d72629b7d725a2c41d1ba551598d72b mbs1/x86_64/php-calendar-5.3.23-1.mbs1.x86_64.rpm
b91c8bc22715ac6f4a2b129a7dd1364e mbs1/x86_64/php-cgi-5.3.23-1.mbs1.x86_64.rpm
3bf8efe0a4dfbaf6967f90bca4f022d4 mbs1/x86_64/php-cli-5.3.23-1.mbs1.x86_64.rpm
ccaf20ad83032d06b5a9b257ff24756a mbs1/x86_64/php-ctype-5.3.23-1.mbs1.x86_64.rpm
1063fb382d0b814296ad485ab5e2c914 mbs1/x86_64/php-curl-5.3.23-1.mbs1.x86_64.rpm
d512b62fe970405c734387e60cbde8b8 mbs1/x86_64/php-dba-5.3.23-1.mbs1.x86_64.rpm
95664c6ab5183e2afc8c0b410b22ecd7 mbs1/x86_64/php-devel-5.3.23-1.mbs1.x86_64.rpm
da123cdd42b0278b62dff3f18f37cc1e mbs1/x86_64/php-dom-5.3.23-1.mbs1.x86_64.rpm
4576f66587c6da5673291d5d1c8af435 mbs1/x86_64/php-eaccelerator-0.9.6.1-12.1.mbs1.x86_64.rpm
2bd5abdea51eaf8df617525b3262afb8 mbs1/x86_64/php-eaccelerator-admin-0.9.6.1-12.1.mbs1.x86_64.rpm
938464525bd4d41ad3120f582f1b40b2 mbs1/x86_64/php-enchant-5.3.23-1.mbs1.x86_64.rpm
f6e01db91f3c584762868904f9eb2df2 mbs1/x86_64/php-exif-5.3.23-1.mbs1.x86_64.rpm
535881b0d30432066f729b39dbfc7f23 mbs1/x86_64/php-fileinfo-5.3.23-1.mbs1.x86_64.rpm
037c2ace3ac0854acffadd830e75344a mbs1/x86_64/php-filter-5.3.23-1.mbs1.x86_64.rpm
5f03f3c7c3201044f990f575c0985df3 mbs1/x86_64/php-fpm-5.3.23-1.mbs1.x86_64.rpm
480b6fde89a8877df1dc49382652e05d mbs1/x86_64/php-ftp-5.3.23-1.mbs1.x86_64.rpm
99d3625cd8905d103bbed17b6c8fafca mbs1/x86_64/php-gd-5.3.23-1.mbs1.x86_64.rpm
606434d7273a7d7355d800707b4deb81 mbs1/x86_64/php-gd-bundled-5.3.23-1.mbs1.x86_64.rpm
736eb71aca03cccc7fc22f5918b7789b mbs1/x86_64/php-gettext-5.3.23-1.mbs1.x86_64.rpm
abcaf21e8cb6af5672c93f38f1b00fe5 mbs1/x86_64/php-gmp-5.3.23-1.mbs1.x86_64.rpm
69599e7619b4b96ff571f4bd99c3654c mbs1/x86_64/php-hash-5.3.23-1.mbs1.x86_64.rpm
09ffb17b8e21a84c073a522db05c4718 mbs1/x86_64/php-iconv-5.3.23-1.mbs1.x86_64.rpm
09cadf9049e70170828450320a236423 mbs1/x86_64/php-imap-5.3.23-1.mbs1.x86_64.rpm
e2b47a2e79d8d3978e3c69f7d8c01dfd mbs1/x86_64/php-ini-5.3.23-1.mbs1.x86_64.rpm
921b86c9f3ed247b00a256ceb1197f0d mbs1/x86_64/php-intl-5.3.23-1.mbs1.x86_64.rpm
f8370d7d004bfcb9f6e1cb218f807057 mbs1/x86_64/php-json-5.3.23-1.mbs1.x86_64.rpm
f364d67ab3fb1fe80fd9ec8bf7394009 mbs1/x86_64/php-ldap-5.3.23-1.mbs1.x86_64.rpm
02251d66f44163a10b8d889676e666cc mbs1/x86_64/php-mbstring-5.3.23-1.mbs1.x86_64.rpm
042b1829cce5f61ebedcc5f30ff20035 mbs1/x86_64/php-mcrypt-5.3.23-1.mbs1.x86_64.rpm
b447078948b75a40d5b30dee81c6976a mbs1/x86_64/php-mssql-5.3.23-1.mbs1.x86_64.rpm
6f1b43c82c93443ec96753e9a84950cc mbs1/x86_64/php-mysql-5.3.23-1.mbs1.x86_64.rpm
c043a03652e4a352d90c339d8514ab20 mbs1/x86_64/php-mysqli-5.3.23-1.mbs1.x86_64.rpm
022f739ee9bd47b400cb6e9ef0076d0f mbs1/x86_64/php-mysqlnd-5.3.23-1.mbs1.x86_64.rpm
aee527e1c4395bcf47489f5de3e85973 mbs1/x86_64/php-odbc-5.3.23-1.mbs1.x86_64.rpm
0b12307f28b2ade2a479b1c657106b93 mbs1/x86_64/php-openssl-5.3.23-1.mbs1.x86_64.rpm
fc8d9c25b960e6dcae3095423fd7eb7b mbs1/x86_64/php-pcntl-5.3.23-1.mbs1.x86_64.rpm
87da241b0b678b8d44036ef12263290a mbs1/x86_64/php-pdo-5.3.23-1.mbs1.x86_64.rpm
9374747577701c69881eb840142cc7c5 mbs1/x86_64/php-pdo_dblib-5.3.23-1.mbs1.x86_64.rpm
d84f86e6302c0ab9c8850d739ed06417 mbs1/x86_64/php-pdo_mysql-5.3.23-1.mbs1.x86_64.rpm
d79d7e295921a4749ffa6d2276a79cb0 mbs1/x86_64/php-pdo_odbc-5.3.23-1.mbs1.x86_64.rpm
8c44da08c42ba9f444be6a1365130a33 mbs1/x86_64/php-pdo_pgsql-5.3.23-1.mbs1.x86_64.rpm
dbbf50c04c22723161d2ab414bc4a701 mbs1/x86_64/php-pdo_sqlite-5.3.23-1.mbs1.x86_64.rpm
84c27f0e6ac5ba3a4fc85090c66cd100 mbs1/x86_64/php-pgsql-5.3.23-1.mbs1.x86_64.rpm
86a562bb7ba15f4c11a09dc907d06c41 mbs1/x86_64/php-phar-5.3.23-1.mbs1.x86_64.rpm
f5ebb6199467a8ae183d4453a5ea1eee mbs1/x86_64/php-posix-5.3.23-1.mbs1.x86_64.rpm
88a900d553ed56c44b720f5d0d00062d mbs1/x86_64/php-readline-5.3.23-1.mbs1.x86_64.rpm
a00f749487581e96a2ffb5bd5e001d6d mbs1/x86_64/php-recode-5.3.23-1.mbs1.x86_64.rpm
6f43b086944ca0a4a50502b9097293d4 mbs1/x86_64/php-session-5.3.23-1.mbs1.x86_64.rpm
e35c2531bf22feeed4c18f4e51c56520 mbs1/x86_64/php-shmop-5.3.23-1.mbs1.x86_64.rpm
3203ebcfe63025bab1d064ee1a8f0b7f mbs1/x86_64/php-snmp-5.3.23-1.mbs1.x86_64.rpm
4f1e87045f17c52c91df55e42fdc268c mbs1/x86_64/php-soap-5.3.23-1.mbs1.x86_64.rpm
cbbf0e4f53c9030b17dc930fbf9d4ddf mbs1/x86_64/php-sockets-5.3.23-1.mbs1.x86_64.rpm
90c9245030104e2ac3ecc003cf41d8f2 mbs1/x86_64/php-sqlite3-5.3.23-1.mbs1.x86_64.rpm
a39a2a36b098ca4960b96e280a5c72b8 mbs1/x86_64/php-sqlite-5.3.23-1.mbs1.x86_64.rpm
ccbcf8d7306343b66ef50c0dea072fc5 mbs1/x86_64/php-sybase_ct-5.3.23-1.mbs1.x86_64.rpm
06fb9ca27561b796288631dec9b8350e mbs1/x86_64/php-sysvmsg-5.3.23-1.mbs1.x86_64.rpm
dd660a7502a3a57d660e31b55ddfad32 mbs1/x86_64/php-sysvsem-5.3.23-1.mbs1.x86_64.rpm
7fd98dbf4efd765bd0e4d0862c8597cc mbs1/x86_64/php-sysvshm-5.3.23-1.mbs1.x86_64.rpm
fe595b63d0935c9a5eebb000de353cd0 mbs1/x86_64/php-tidy-5.3.23-1.mbs1.x86_64.rpm
9bcb3d7095bc612a8206df87b6baee13 mbs1/x86_64/php-timezonedb-2013.2-1.mbs1.x86_64.rpm
fe308ad9075cca7013b00c01f55dafca mbs1/x86_64/php-tokenizer-5.3.23-1.mbs1.x86_64.rpm
3da940b28fc5abe1136711417c9f3e41 mbs1/x86_64/php-wddx-5.3.23-1.mbs1.x86_64.rpm
e56f637f9b6291e53aad9b82b97ddae1 mbs1/x86_64/php-xml-5.3.23-1.mbs1.x86_64.rpm
1ed6a886fd870ac55eb816fc5cc6721e mbs1/x86_64/php-xmlreader-5.3.23-1.mbs1.x86_64.rpm
3e6014db54a5daaca554df6a922e42e8 mbs1/x86_64/php-xmlrpc-5.3.23-1.mbs1.x86_64.rpm
6c8b227163654bda270427918e12ab2f mbs1/x86_64/php-xmlwriter-5.3.23-1.mbs1.x86_64.rpm
5d24ec3dd271a844065c92c4289b7fd5 mbs1/x86_64/php-xsl-5.3.23-1.mbs1.x86_64.rpm
ebd190fa53ef1aee2fb72fa6600fbaa8 mbs1/x86_64/php-zip-5.3.23-1.mbs1.x86_64.rpm
1b94e4caf7dbbf2337de70e7ff25f545 mbs1/x86_64/php-zlib-5.3.23-1.mbs1.x86_64.rpm
60a622b6a226b21fee50fe74a3183501 mbs1/SRPMS/php-5.3.23-1.mbs1.src.rpm
b70b0f87c49a6b768b72279e9bb23ff4 mbs1/SRPMS/php-apc-3.1.13-3.1.mbs1.src.rpm
c02d1d4cb37565033aadb6f2422e2b99 mbs1/SRPMS/php-eaccelerator-0.9.6.1-12.1.mbs1.src.rpm
d8675e1e6ffca04b8721734927e4d101 mbs1/SRPMS/php-gd-bundled-5.3.23-1.mbs1.src.rpm
d776aa8a353feff61280e9c75271c44d mbs1/SRPMS/php-timezonedb-2013.2-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRZThFmqjQ0CJFipgRAqfiAKDqyVYfEMk4Ab6ahTzKU67czRxLNgCgjzEd
KoH2+wOnRRA2vdv1RddRYlA=
=LR6m
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

December 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    18 Files
  • 2
    Dec 2nd
    11 Files
  • 3
    Dec 3rd
    23 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    13 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close