what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2007.103

Mandriva Linux Security Advisory 2007.103
Posted May 12, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities in PHP4 have been fixed.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2007-1864, CVE-2007-2509
SHA-256 | ae759429289c1a3693ebe71fa61005c7aa7fcbf3ea7221d2667bd23c8df1c652

Mandriva Linux Security Advisory 2007.103

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:103
http://www.mandriva.com/security/
_______________________________________________________________________

Package : php4
Date : May 10, 2007
Affected: Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A heap buffer overflow flaw was found in the xmlrpc extension for PHP.
A script that implements an XML-RPC server using this extension could
allow a remote attacker to execute arbitrary code as the apache user.
This flaw does not, however, affect PHP applications using the pure-PHP
XML_RPC class provided via PEAR (CVE-2007-1864).

A flaw was found in the ftp extension for PHP. A script using
this extension to provide access to a private FTP server and which
passed untrusted script input directly to any function provided by
this extension could allow a remote attacker to send arbitrary FTP
commands to the server (CVE-2007-2509).

Updated packages have been patched to prevent this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2509
_______________________________________________________________________

Updated Packages:

Corporate 3.0:
166f0495b9bd984fc4b887a8920fe111 corporate/3.0/i586/libphp_common432-4.3.4-4.26.C30mdk.i586.rpm
eba86c8d3254e046b3d065f4db7c0714 corporate/3.0/i586/php-cgi-4.3.4-4.26.C30mdk.i586.rpm
44248cbc77edc7772b36c1d95d78f7f4 corporate/3.0/i586/php-cli-4.3.4-4.26.C30mdk.i586.rpm
6c9425c5cdbd25d6ee6bdab6a102f96d corporate/3.0/i586/php-xmlrpc-4.3.4-1.1.C30mdk.i586.rpm
bb4d89124e91f1aa872ad7f960210937 corporate/3.0/i586/php432-devel-4.3.4-4.26.C30mdk.i586.rpm
7964e9c606307c9af6c1a51160d41caa corporate/3.0/SRPMS/php-4.3.4-4.26.C30mdk.src.rpm
0e31d73b03b41014917630a78edd4055 corporate/3.0/SRPMS/php-xmlrpc-4.3.4-1.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
de5cd7123835dbe8d58d519661621b92 corporate/3.0/x86_64/lib64php_common432-4.3.4-4.26.C30mdk.x86_64.rpm
bc7a35cb5360cf4a301a2f514ff1002d corporate/3.0/x86_64/php-cgi-4.3.4-4.26.C30mdk.x86_64.rpm
6fe331363e03e221bbbe8ddac95b24b7 corporate/3.0/x86_64/php-cli-4.3.4-4.26.C30mdk.x86_64.rpm
d27234ec751507f56297eb7ad00246b2 corporate/3.0/x86_64/php-xmlrpc-4.3.4-1.1.C30mdk.x86_64.rpm
b3717d84991db4ad6bc162b5713421a4 corporate/3.0/x86_64/php432-devel-4.3.4-4.26.C30mdk.x86_64.rpm
7964e9c606307c9af6c1a51160d41caa corporate/3.0/SRPMS/php-4.3.4-4.26.C30mdk.src.rpm
0e31d73b03b41014917630a78edd4055 corporate/3.0/SRPMS/php-xmlrpc-4.3.4-1.1.C30mdk.src.rpm

Corporate 4.0:
21652b2fb396cce7991e6929bf4b7d87 corporate/4.0/i586/libphp4_common4-4.4.4-1.6.20060mlcs4.i586.rpm
d93cc1f82bb7cea14228feeaf097d5ec corporate/4.0/i586/php4-cgi-4.4.4-1.6.20060mlcs4.i586.rpm
130c70025d28c6a5cdb4e198a0b3ae4f corporate/4.0/i586/php4-cli-4.4.4-1.6.20060mlcs4.i586.rpm
2892ae379e430c22a48724e46e1e74be corporate/4.0/i586/php4-devel-4.4.4-1.6.20060mlcs4.i586.rpm
dcd1d9a26a05d0c2ec2f44f7312966cd corporate/4.0/i586/php4-xmlrpc-4.4.4-1.1.20060mlcs4.i586.rpm
a30f364c6dcf21387dc2ccbe759053ee corporate/4.0/SRPMS/php4-4.4.4-1.6.20060mlcs4.src.rpm
b4e817698d4ea91c75cb1c0709b9ca5e corporate/4.0/SRPMS/php4-xmlrpc-4.4.4-1.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
5e357a0f8a1c458b708904417ad1a758 corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.6.20060mlcs4.x86_64.rpm
3256c4130a3f0004027ee817cb85902e corporate/4.0/x86_64/php4-cgi-4.4.4-1.6.20060mlcs4.x86_64.rpm
a29fe77e87c30df6f910340923d6c21c corporate/4.0/x86_64/php4-cli-4.4.4-1.6.20060mlcs4.x86_64.rpm
d14a7f38f36e4331107215a8f45d1b67 corporate/4.0/x86_64/php4-devel-4.4.4-1.6.20060mlcs4.x86_64.rpm
ad13c17cc2de7783913e77114361e639 corporate/4.0/x86_64/php4-xmlrpc-4.4.4-1.1.20060mlcs4.x86_64.rpm
a30f364c6dcf21387dc2ccbe759053ee corporate/4.0/SRPMS/php4-4.4.4-1.6.20060mlcs4.src.rpm
b4e817698d4ea91c75cb1c0709b9ca5e corporate/4.0/SRPMS/php4-xmlrpc-4.4.4-1.1.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
35dd2191d078e31f6c6da7b2025413bb mnf/2.0/i586/libphp_common432-4.3.4-4.26.M20mdk.i586.rpm
a7f9e65aa53dfb437255840c0f98122d mnf/2.0/i586/php-cgi-4.3.4-4.26.M20mdk.i586.rpm
e9337d663c42d7532ccaaa60905ee00d mnf/2.0/i586/php-cli-4.3.4-4.26.M20mdk.i586.rpm
74078881402c3e5066572779b8c49a66 mnf/2.0/i586/php432-devel-4.3.4-4.26.M20mdk.i586.rpm
738549167401da8b180447dfa41aa190 mnf/2.0/SRPMS/php-4.3.4-4.26.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGQ6VOmqjQ0CJFipgRAi0RAKCMX27lifC1pamWKEGupKY6PwDrTwCdFvw0
ygQSiiQBRJslN2sUeIGuVE0=
=DbpV
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    17 Files
  • 24
    Jul 24th
    47 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close