what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2006.162

Mandriva Linux Security Advisory 2006.162
Posted Sep 8, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-162 - The file_exists and imap_reopen functions in PHP before version 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before version 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.

tags | advisory, remote, overflow, local, php
systems | linux, mandriva
advisories | CVE-2006-4481, CVE-2006-4484, CVE-2006-4485
SHA-256 | 643f06d3c36b031840d60f7ef35b3fcfbf394ef6737c1a469ff32f9c413f159e

Mandriva Linux Security Advisory 2006.162

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:162
http://www.mandriva.com/security/
_______________________________________________________________________

Package : php
Date : September 7, 2006
Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5
do not check for the safe_mode and open_basedir settings, which allows
local users to bypass the settings (CVE-2006-4481).

Buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c
in the GD extension in PHP before 5.1.5 allows remote attackers to have
an unknown impact via a GIF file with input_code_size greater than
MAX_LWZ_BITS, which triggers an overflow when initializing the table
array (CVE-2006-4484).

The stripos function in PHP before 5.1.5 has unknown impact and attack
vectors related to an out-of-bounds read (CVE-2006-4485).

CVE-2006-4485 does not affect the Corporate3 or MNF2 versions of PHP.

Updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4485
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
146279492bdd9a03694778e265582d65 2006.0/RPMS/libphp5_common5-5.0.4-9.14.20060mdk.i586.rpm
ca99a7740c1b47df847a56cbb25a8e80 2006.0/RPMS/php-cgi-5.0.4-9.14.20060mdk.i586.rpm
665f72c14d5c2d485047c8c288946227 2006.0/RPMS/php-cli-5.0.4-9.14.20060mdk.i586.rpm
ddb6f8354c06c2f7bd78823dc846b2b5 2006.0/RPMS/php-devel-5.0.4-9.14.20060mdk.i586.rpm
a8ba6ed38bb91aa170882a2c0ad32e32 2006.0/RPMS/php-fcgi-5.0.4-9.14.20060mdk.i586.rpm
ddc3fc12907892012c0db9df119edaab 2006.0/RPMS/php-imap-5.0.4-2.4.20060mdk.i586.rpm
7231862a27ba9135e9cfcce3c455af3a 2006.0/SRPMS/php-5.0.4-9.14.20060mdk.src.rpm
69d5c165b33b00454cc56b27bb21eba7 2006.0/SRPMS/php-imap-5.0.4-2.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
4ba33ec1fd91fdad05aaffb2d8dc766a x86_64/2006.0/RPMS/lib64php5_common5-5.0.4-9.14.20060mdk.x86_64.rpm
023e44a6bc50c5edaa3abfe85a888ec3 x86_64/2006.0/RPMS/php-cgi-5.0.4-9.14.20060mdk.x86_64.rpm
29e82f10dba8da27a73e57df3ffc198b x86_64/2006.0/RPMS/php-cli-5.0.4-9.14.20060mdk.x86_64.rpm
69fd9d2282d1bc50c19078f8537e4084 x86_64/2006.0/RPMS/php-devel-5.0.4-9.14.20060mdk.x86_64.rpm
a849151feb32d3bcca9f5d175289fce5 x86_64/2006.0/RPMS/php-fcgi-5.0.4-9.14.20060mdk.x86_64.rpm
1551e3c19dde54eaa19dabe5fe8a31db x86_64/2006.0/RPMS/php-imap-5.0.4-2.4.20060mdk.x86_64.rpm
7231862a27ba9135e9cfcce3c455af3a x86_64/2006.0/SRPMS/php-5.0.4-9.14.20060mdk.src.rpm
69d5c165b33b00454cc56b27bb21eba7 x86_64/2006.0/SRPMS/php-imap-5.0.4-2.4.20060mdk.src.rpm

Corporate 3.0:
3eb436590e289bc53b5bf6560ba04b02 corporate/3.0/RPMS/libphp_common432-4.3.4-4.20.C30mdk.i586.rpm
25e55ccb44fe52f3a2dbbded0463c344 corporate/3.0/RPMS/php432-devel-4.3.4-4.20.C30mdk.i586.rpm
b970a8c32bc44c3736173d90dc251141 corporate/3.0/RPMS/php-cgi-4.3.4-4.20.C30mdk.i586.rpm
90098a78f8376e8abc5cad6d6eab75f9 corporate/3.0/RPMS/php-cli-4.3.4-4.20.C30mdk.i586.rpm
65ec1dc0a8da743bbc8c31b02b2e0463 corporate/3.0/RPMS/php-gd-4.3.4-1.4.C30mdk.i586.rpm
f301535d5f0f4eab5b0d6a1d9b231ef8 corporate/3.0/RPMS/php-imap-4.3.4-1.4.C30mdk.i586.rpm
e7eb6f56b39b5c72b3a2dbb602ab8d46 corporate/3.0/SRPMS/php-4.3.4-4.20.C30mdk.src.rpm
55da5f48aa9e2851b88377d436fc154b corporate/3.0/SRPMS/php-gd-4.3.4-1.4.C30mdk.src.rpm
3133219ccf7cd83aec8f03823b6bcf48 corporate/3.0/SRPMS/php-imap-4.3.4-1.4.C30mdk.src.rpm

Corporate 3.0/X86_64:
c5213371e2b3ff49c18bcb7eea366b86 x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.20.C30mdk.x86_64.rpm
48206012e77a6949d36188f3b2743afc x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.20.C30mdk.x86_64.rpm
e37a90b7ba3b52fce6bbecd6ec8960bf x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.20.C30mdk.x86_64.rpm
24ce234e4d366125e4a13ca5ac2d0bf6 x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.20.C30mdk.x86_64.rpm
60dd687ca2f9fc7b1aa8717533d1ed81 x86_64/corporate/3.0/RPMS/php-gd-4.3.4-1.4.C30mdk.x86_64.rpm
86ff3c6e121b52fd6a092c7f8e35885c x86_64/corporate/3.0/RPMS/php-imap-4.3.4-1.4.C30mdk.x86_64.rpm
e7eb6f56b39b5c72b3a2dbb602ab8d46 x86_64/corporate/3.0/SRPMS/php-4.3.4-4.20.C30mdk.src.rpm
55da5f48aa9e2851b88377d436fc154b x86_64/corporate/3.0/SRPMS/php-gd-4.3.4-1.4.C30mdk.src.rpm
3133219ccf7cd83aec8f03823b6bcf48 x86_64/corporate/3.0/SRPMS/php-imap-4.3.4-1.4.C30mdk.src.rpm

Multi Network Firewall 2.0:
90ed06dbf0316651afc4d8990477ca7d mnf/2.0/RPMS/libphp_common432-4.3.4-4.20.M20mdk.i586.rpm
bbf7116a28e92bd9c6ce531e8014cc22 mnf/2.0/RPMS/php432-devel-4.3.4-4.20.M20mdk.i586.rpm
0c5f0a2f78cdb87ddd4a2a316d107e4c mnf/2.0/RPMS/php-cgi-4.3.4-4.20.M20mdk.i586.rpm
27885acc0df6e7fa21ee1d165df8f426 mnf/2.0/RPMS/php-cli-4.3.4-4.20.M20mdk.i586.rpm
14c40d13e47645ceaddb28508008fd8f mnf/2.0/RPMS/php-gd-4.3.4-1.4.M20mdk.i586.rpm
bfdf39861fc0614d9a81889f6c0dbac6 mnf/2.0/SRPMS/php-4.3.4-4.20.M20mdk.src.rpm
1c40bfd8df9786d467993f0eabc9eff9 mnf/2.0/SRPMS/php-gd-4.3.4-1.4.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFAFKJmqjQ0CJFipgRAlCxAKCTO1wmjhvmHOxneb2oh/V31G1BngCg9eRf
4PNgocaX6b6UlFBbSMDIl24=
=sS0Z
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close