what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2007.103

Mandriva Linux Security Advisory 2007.103
Posted May 12, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities in PHP4 have been fixed.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2007-1864, CVE-2007-2509
SHA-256 | ae759429289c1a3693ebe71fa61005c7aa7fcbf3ea7221d2667bd23c8df1c652

Mandriva Linux Security Advisory 2007.103

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:103
http://www.mandriva.com/security/
_______________________________________________________________________

Package : php4
Date : May 10, 2007
Affected: Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A heap buffer overflow flaw was found in the xmlrpc extension for PHP.
A script that implements an XML-RPC server using this extension could
allow a remote attacker to execute arbitrary code as the apache user.
This flaw does not, however, affect PHP applications using the pure-PHP
XML_RPC class provided via PEAR (CVE-2007-1864).

A flaw was found in the ftp extension for PHP. A script using
this extension to provide access to a private FTP server and which
passed untrusted script input directly to any function provided by
this extension could allow a remote attacker to send arbitrary FTP
commands to the server (CVE-2007-2509).

Updated packages have been patched to prevent this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2509
_______________________________________________________________________

Updated Packages:

Corporate 3.0:
166f0495b9bd984fc4b887a8920fe111 corporate/3.0/i586/libphp_common432-4.3.4-4.26.C30mdk.i586.rpm
eba86c8d3254e046b3d065f4db7c0714 corporate/3.0/i586/php-cgi-4.3.4-4.26.C30mdk.i586.rpm
44248cbc77edc7772b36c1d95d78f7f4 corporate/3.0/i586/php-cli-4.3.4-4.26.C30mdk.i586.rpm
6c9425c5cdbd25d6ee6bdab6a102f96d corporate/3.0/i586/php-xmlrpc-4.3.4-1.1.C30mdk.i586.rpm
bb4d89124e91f1aa872ad7f960210937 corporate/3.0/i586/php432-devel-4.3.4-4.26.C30mdk.i586.rpm
7964e9c606307c9af6c1a51160d41caa corporate/3.0/SRPMS/php-4.3.4-4.26.C30mdk.src.rpm
0e31d73b03b41014917630a78edd4055 corporate/3.0/SRPMS/php-xmlrpc-4.3.4-1.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
de5cd7123835dbe8d58d519661621b92 corporate/3.0/x86_64/lib64php_common432-4.3.4-4.26.C30mdk.x86_64.rpm
bc7a35cb5360cf4a301a2f514ff1002d corporate/3.0/x86_64/php-cgi-4.3.4-4.26.C30mdk.x86_64.rpm
6fe331363e03e221bbbe8ddac95b24b7 corporate/3.0/x86_64/php-cli-4.3.4-4.26.C30mdk.x86_64.rpm
d27234ec751507f56297eb7ad00246b2 corporate/3.0/x86_64/php-xmlrpc-4.3.4-1.1.C30mdk.x86_64.rpm
b3717d84991db4ad6bc162b5713421a4 corporate/3.0/x86_64/php432-devel-4.3.4-4.26.C30mdk.x86_64.rpm
7964e9c606307c9af6c1a51160d41caa corporate/3.0/SRPMS/php-4.3.4-4.26.C30mdk.src.rpm
0e31d73b03b41014917630a78edd4055 corporate/3.0/SRPMS/php-xmlrpc-4.3.4-1.1.C30mdk.src.rpm

Corporate 4.0:
21652b2fb396cce7991e6929bf4b7d87 corporate/4.0/i586/libphp4_common4-4.4.4-1.6.20060mlcs4.i586.rpm
d93cc1f82bb7cea14228feeaf097d5ec corporate/4.0/i586/php4-cgi-4.4.4-1.6.20060mlcs4.i586.rpm
130c70025d28c6a5cdb4e198a0b3ae4f corporate/4.0/i586/php4-cli-4.4.4-1.6.20060mlcs4.i586.rpm
2892ae379e430c22a48724e46e1e74be corporate/4.0/i586/php4-devel-4.4.4-1.6.20060mlcs4.i586.rpm
dcd1d9a26a05d0c2ec2f44f7312966cd corporate/4.0/i586/php4-xmlrpc-4.4.4-1.1.20060mlcs4.i586.rpm
a30f364c6dcf21387dc2ccbe759053ee corporate/4.0/SRPMS/php4-4.4.4-1.6.20060mlcs4.src.rpm
b4e817698d4ea91c75cb1c0709b9ca5e corporate/4.0/SRPMS/php4-xmlrpc-4.4.4-1.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
5e357a0f8a1c458b708904417ad1a758 corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.6.20060mlcs4.x86_64.rpm
3256c4130a3f0004027ee817cb85902e corporate/4.0/x86_64/php4-cgi-4.4.4-1.6.20060mlcs4.x86_64.rpm
a29fe77e87c30df6f910340923d6c21c corporate/4.0/x86_64/php4-cli-4.4.4-1.6.20060mlcs4.x86_64.rpm
d14a7f38f36e4331107215a8f45d1b67 corporate/4.0/x86_64/php4-devel-4.4.4-1.6.20060mlcs4.x86_64.rpm
ad13c17cc2de7783913e77114361e639 corporate/4.0/x86_64/php4-xmlrpc-4.4.4-1.1.20060mlcs4.x86_64.rpm
a30f364c6dcf21387dc2ccbe759053ee corporate/4.0/SRPMS/php4-4.4.4-1.6.20060mlcs4.src.rpm
b4e817698d4ea91c75cb1c0709b9ca5e corporate/4.0/SRPMS/php4-xmlrpc-4.4.4-1.1.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
35dd2191d078e31f6c6da7b2025413bb mnf/2.0/i586/libphp_common432-4.3.4-4.26.M20mdk.i586.rpm
a7f9e65aa53dfb437255840c0f98122d mnf/2.0/i586/php-cgi-4.3.4-4.26.M20mdk.i586.rpm
e9337d663c42d7532ccaaa60905ee00d mnf/2.0/i586/php-cli-4.3.4-4.26.M20mdk.i586.rpm
74078881402c3e5066572779b8c49a66 mnf/2.0/i586/php432-devel-4.3.4-4.26.M20mdk.i586.rpm
738549167401da8b180447dfa41aa190 mnf/2.0/SRPMS/php-4.3.4-4.26.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGQ6VOmqjQ0CJFipgRAi0RAKCMX27lifC1pamWKEGupKY6PwDrTwCdFvw0
ygQSiiQBRJslN2sUeIGuVE0=
=DbpV
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close