what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2007.038

Mandriva Linux Security Advisory 2007.038
Posted Feb 8, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path. Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. PHP uses an embedded copy of GD and may be susceptible to the same issue.

tags | advisory, remote, denial of service, overflow, arbitrary, local, php
systems | linux, mandriva
advisories | CVE-2006-6383, CVE-2007-0455
SHA-256 | 20bd43ac9ea3ba7f56ad433b0486fe65759e84d86c4a41734fbc2d70733c5101

Mandriva Linux Security Advisory 2007.038

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:038
http://www.mandriva.com/security/
_______________________________________________________________________

Package : php
Date : February 6, 2007
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and
open_basedir restrictions via a malicious path and a null byte before a
";" in a session_save_path argument, followed by an allowed path, which
causes a parsing inconsistency in which PHP validates the allowed path
but sets session.save_path to the malicious path. (CVE-2006-6383)

Buffer overflow in the gdImageStringFTEx function in gdft.c in GD
Graphics Library 2.0.33 and earlier allows remote attackers to cause a
denial of service (application crash) and possibly execute arbitrary
code via a crafted string with a JIS encoded font. PHP uses an embedded
copy of GD and may be susceptible to the same issue. (CVE-2007-0455)

Updated packages have been patched to correct these issues. Users must
restart Apache for the changes to take effect.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
f4975722488c515d7701f3f2475c45c1 2006.0/i586/libphp5_common5-5.0.4-9.18.20060mdk.i586.rpm
df6d91c7fb6deadd6447c68d41a7a57f 2006.0/i586/php-cgi-5.0.4-9.18.20060mdk.i586.rpm
861b613a3caa594e9d18de2f66711c1c 2006.0/i586/php-cli-5.0.4-9.18.20060mdk.i586.rpm
aa74ed178e6523b28d6f0ee1cfb2b9a6 2006.0/i586/php-devel-5.0.4-9.18.20060mdk.i586.rpm
cdc33f50531e2815c3f39a2f12eca69d 2006.0/i586/php-fcgi-5.0.4-9.18.20060mdk.i586.rpm
0df45677da595137066ec38171463402 2006.0/i586/php-gd-5.0.4-2.1.20060mdk.i586.rpm
09416e0ce824f667f9f247950e3f6b87 2006.0/SRPMS/php-5.0.4-9.18.20060mdk.src.rpm
9caab8fb262742b7fdc8e2787db26e49 2006.0/SRPMS/php-gd-5.0.4-2.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
94d70f0d65bebd9b8b235ec523bef3c4 2006.0/x86_64/lib64php5_common5-5.0.4-9.18.20060mdk.x86_64.rpm
3e145f94684bd8aaae230b181a3bab18 2006.0/x86_64/php-cgi-5.0.4-9.18.20060mdk.x86_64.rpm
5a460212062d85cc35c52c6c42e3babc 2006.0/x86_64/php-cli-5.0.4-9.18.20060mdk.x86_64.rpm
a31b6a63963f4486ee7839e449fb60ef 2006.0/x86_64/php-devel-5.0.4-9.18.20060mdk.x86_64.rpm
6c0ae39e3a6b8cb07a44271e5b128e2f 2006.0/x86_64/php-fcgi-5.0.4-9.18.20060mdk.x86_64.rpm
228bb108271c28550034b39b9f6cafee 2006.0/x86_64/php-gd-5.0.4-2.1.20060mdk.x86_64.rpm
09416e0ce824f667f9f247950e3f6b87 2006.0/SRPMS/php-5.0.4-9.18.20060mdk.src.rpm
9caab8fb262742b7fdc8e2787db26e49 2006.0/SRPMS/php-gd-5.0.4-2.1.20060mdk.src.rpm

Mandriva Linux 2007.0:
c8879f538ab9a93f1999c9dc8aa2f6c7 2007.0/i586/libphp5_common5-5.1.6-1.4mdv2007.0.i586.rpm
e8c050d86574fb1d2a52a5b3ec85a255 2007.0/i586/php-cgi-5.1.6-1.4mdv2007.0.i586.rpm
92391d48bd18ab9e20e64039a4a9f2ff 2007.0/i586/php-cli-5.1.6-1.4mdv2007.0.i586.rpm
d7b3ddc58da98113342434d45e04c3a8 2007.0/i586/php-devel-5.1.6-1.4mdv2007.0.i586.rpm
a5dd9b692fbd9c41be42fa2d59539c1d 2007.0/i586/php-fcgi-5.1.6-1.4mdv2007.0.i586.rpm
a2d2a3091d51ffc74793760ed31a1faa 2007.0/i586/php-gd-5.1.6-1.1mdv2007.0.i586.rpm
719976944ad1da508b9dd10eb1068e41 2007.0/SRPMS/php-5.1.6-1.4mdv2007.0.src.rpm
af2f0370851c3d3729b89586d9eded8e 2007.0/SRPMS/php-gd-5.1.6-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
5bf3650bbe564873a14ea8b6bf3ade06 2007.0/x86_64/lib64php5_common5-5.1.6-1.4mdv2007.0.x86_64.rpm
34ed4aa6be49dcb88f7bbc0a5c2e8690 2007.0/x86_64/php-cgi-5.1.6-1.4mdv2007.0.x86_64.rpm
608fc651103e04774dd99542ac9c24e3 2007.0/x86_64/php-cli-5.1.6-1.4mdv2007.0.x86_64.rpm
ade70a35519251e33fece3b184a5e42c 2007.0/x86_64/php-devel-5.1.6-1.4mdv2007.0.x86_64.rpm
32a0cd75a40a80b04d4f62e7a5695cf6 2007.0/x86_64/php-fcgi-5.1.6-1.4mdv2007.0.x86_64.rpm
b65ee3000cc55d6835bde68de1285708 2007.0/x86_64/php-gd-5.1.6-1.1mdv2007.0.x86_64.rpm
719976944ad1da508b9dd10eb1068e41 2007.0/SRPMS/php-5.1.6-1.4mdv2007.0.src.rpm
af2f0370851c3d3729b89586d9eded8e 2007.0/SRPMS/php-gd-5.1.6-1.1mdv2007.0.src.rpm

Corporate 3.0:
a4d72dc3de251851206c67e9706432a6 corporate/3.0/i586/libphp_common432-4.3.4-4.23.C30mdk.i586.rpm
b8e1d56bb999975f9ea0a66d8877847f corporate/3.0/i586/php-cgi-4.3.4-4.23.C30mdk.i586.rpm
433ae81fdc6d1238c0931e43f6989a9b corporate/3.0/i586/php-cli-4.3.4-4.23.C30mdk.i586.rpm
2a1717d00d78a6a6f34cddb987c0f279 corporate/3.0/i586/php-gd-4.3.4-1.5.C30mdk.i586.rpm
44c2653add5bf2cc23a2d8f6bfa3b31e corporate/3.0/i586/php432-devel-4.3.4-4.23.C30mdk.i586.rpm
b8efd05ff96d101323b6253aa08b5e93 corporate/3.0/SRPMS/php-4.3.4-4.23.C30mdk.src.rpm
d18944ac47e27e3653fe99e134ecba18 corporate/3.0/SRPMS/php-gd-4.3.4-1.5.C30mdk.src.rpm

Corporate 3.0/X86_64:
cfd5971fec1866bf5fe3c5e23adaba58 corporate/3.0/x86_64/lib64php_common432-4.3.4-4.23.C30mdk.x86_64.rpm
14be94ecf6ddc1f3b910b802624de67c corporate/3.0/x86_64/php-cgi-4.3.4-4.23.C30mdk.x86_64.rpm
b016f2131f015adf8a0d0da27033569f corporate/3.0/x86_64/php-cli-4.3.4-4.23.C30mdk.x86_64.rpm
9355a4e63f1e5193f43f5048541885bf corporate/3.0/x86_64/php-gd-4.3.4-1.5.C30mdk.x86_64.rpm
77c18b09786f412789f63d6094a4fd23 corporate/3.0/x86_64/php432-devel-4.3.4-4.23.C30mdk.x86_64.rpm
b8efd05ff96d101323b6253aa08b5e93 corporate/3.0/SRPMS/php-4.3.4-4.23.C30mdk.src.rpm
d18944ac47e27e3653fe99e134ecba18 corporate/3.0/SRPMS/php-gd-4.3.4-1.5.C30mdk.src.rpm

Corporate 4.0:
64274f70614e93e30b479a7ba0613e8a corporate/4.0/i586/libphp4_common4-4.4.4-1.3.20060mlcs4.i586.rpm
43f22e53482c4451a24f3008a7ba75eb corporate/4.0/i586/libphp5_common5-5.1.6-1.3.20060mlcs4.i586.rpm
2c1b8b75b49bf78b6a677d36832e116c corporate/4.0/i586/php-cgi-5.1.6-1.3.20060mlcs4.i586.rpm
64261b179e2db73b5838d96020835cae corporate/4.0/i586/php-cli-5.1.6-1.3.20060mlcs4.i586.rpm
dfd172a482e20943dabd3b3fbef9ba95 corporate/4.0/i586/php-devel-5.1.6-1.3.20060mlcs4.i586.rpm
1a57eb8f5b70cd4ea28b98b462493e51 corporate/4.0/i586/php-fcgi-5.1.6-1.3.20060mlcs4.i586.rpm
bd060ffd97d1ede4a3c9453de8287970 corporate/4.0/i586/php-gd-5.1.6-1.1.20060mlcs4.i586.rpm
e7d645e78c829242e3f81ab16aa8903d corporate/4.0/i586/php4-cgi-4.4.4-1.3.20060mlcs4.i586.rpm
1379c35acd8c2a414d482d5d0f5c782a corporate/4.0/i586/php4-cli-4.4.4-1.3.20060mlcs4.i586.rpm
10f753850f58ea02962272a4a30b8ed0 corporate/4.0/i586/php4-devel-4.4.4-1.3.20060mlcs4.i586.rpm
ab1bc26c56c8d5c0c82544bd189ccb06 corporate/4.0/SRPMS/php-5.1.6-1.3.20060mlcs4.src.rpm
528acaacac81d6ca4c195355fd5935c1 corporate/4.0/SRPMS/php-gd-5.1.6-1.1.20060mlcs4.src.rpm
6fea47535848cb3eeb381d8e9ceaf278 corporate/4.0/SRPMS/php4-4.4.4-1.3.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
a667b24b7182332997da97d003095bf4 corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.3.20060mlcs4.x86_64.rpm
96860c73274abe165290ad70a1f8bbec corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.3.20060mlcs4.x86_64.rpm
e53ed6e99e23219f351b9dd0faf1fbf8 corporate/4.0/x86_64/php-cgi-5.1.6-1.3.20060mlcs4.x86_64.rpm
2894870436518afda0788313f6fe9d6e corporate/4.0/x86_64/php-cli-5.1.6-1.3.20060mlcs4.x86_64.rpm
3e78d378968a67edda64f8a1db752b21 corporate/4.0/x86_64/php-devel-5.1.6-1.3.20060mlcs4.x86_64.rpm
16b8070a55f06ede6cce10bbac1f5706 corporate/4.0/x86_64/php-fcgi-5.1.6-1.3.20060mlcs4.x86_64.rpm
f3fccbe495f311fb13e64b3c2532323b corporate/4.0/x86_64/php-gd-5.1.6-1.1.20060mlcs4.x86_64.rpm
e8825bc14914ae4f896b28ab1b04e7ae corporate/4.0/x86_64/php4-cgi-4.4.4-1.3.20060mlcs4.x86_64.rpm
1249dfd5f50a707ac6a31c18dec924e0 corporate/4.0/x86_64/php4-cli-4.4.4-1.3.20060mlcs4.x86_64.rpm
f38d55e2315ba81db68dcb237a783ef0 corporate/4.0/x86_64/php4-devel-4.4.4-1.3.20060mlcs4.x86_64.rpm
ab1bc26c56c8d5c0c82544bd189ccb06 corporate/4.0/SRPMS/php-5.1.6-1.3.20060mlcs4.src.rpm
528acaacac81d6ca4c195355fd5935c1 corporate/4.0/SRPMS/php-gd-5.1.6-1.1.20060mlcs4.src.rpm
6fea47535848cb3eeb381d8e9ceaf278 corporate/4.0/SRPMS/php4-4.4.4-1.3.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
1a5b0a4fa1fe65d9b01ac1fcb87e57f4 mnf/2.0/i586/libphp_common432-4.3.4-4.23.M20mdk.i586.rpm
1ca60ff9165bc3fc897f5a4fac0a27ab mnf/2.0/i586/php-cgi-4.3.4-4.23.M20mdk.i586.rpm
5ecb69d1ba9a1aefb943fdf00922a67e mnf/2.0/i586/php-cli-4.3.4-4.23.M20mdk.i586.rpm
43adb03ed86a75a3e90387c075f36bea mnf/2.0/i586/php-gd-4.3.4-1.5.M20mdk.i586.rpm
e83875b4d3307b9d16602bf2da0c245a mnf/2.0/i586/php432-devel-4.3.4-4.23.M20mdk.i586.rpm
fb782af12ca499a56594703feb6bed2c mnf/2.0/SRPMS/php-4.3.4-4.23.M20mdk.src.rpm
fb344c42cba2a62c03c42b864b2e3151 mnf/2.0/SRPMS/php-gd-4.3.4-1.5.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFyQv3mqjQ0CJFipgRAjDEAKCLn4/gWRIof2G9RBEcR3PlAb0YswCeNKkK
lRvByGSY6blc0yvvmysCSV0=
=rtk4
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close