exploit the possibilities

Mandriva Linux Security Advisory 2009-246

Mandriva Linux Security Advisory 2009-246
Posted Sep 26, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-246 - The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates. Unspecified vulnerability in PHP before 5.2.11 has unknown impact and attack vectors related to missing sanity checks around exif processing. Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect sanity check for the color index. This update provides a solution to these vulnerabilities.

tags | advisory, denial of service, spoof, php, vulnerability
systems | linux, mandriva
advisories | CVE-2008-7068, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293
MD5 | 7c36d51641d1336db8bd89c885d8e71c

Mandriva Linux Security Advisory 2009-246

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:246
http://www.mandriva.com/security/
_______________________________________________________________________

Package : php
Date : September 25, 2009
Affected: Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities was discovered and corrected in php:

The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent
attackers to cause a denial of service (file truncation) via a key with
the NULL byte. NOTE: this might only be a vulnerability in limited
circumstances in which the attacker can modify or add database entries
but does not have permissions to truncate the file (CVE-2008-7068).

The php_openssl_apply_verification_policy function in PHP before
5.2.11 does not properly perform certificate validation, which has
unknown impact and attack vectors, probably related to an ability to
spoof certificates (CVE-2009-3291).

Unspecified vulnerability in PHP before 5.2.11 has unknown impact
and attack vectors related to missing sanity checks around exif
processing. (CVE-2009-3292)

Unspecified vulnerability in the imagecolortransparent function in
PHP before 5.2.11 has unknown impact and attack vectors related to
an incorrect sanity check for the color index. (CVE-2009-3293)

This update provides a solution to these vulnerabilities.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3293
_______________________________________________________________________

Updated Packages:

Corporate 3.0:
4a02595b5eea0b6875698b3171c6de18 corporate/3.0/i586/libphp_common432-4.3.4-4.30.C30mdk.i586.rpm
1d5d7040ec73f39c49be4cfb6424ccb1 corporate/3.0/i586/php432-devel-4.3.4-4.30.C30mdk.i586.rpm
223f27eb0ba733c0898589f2bd9f939d corporate/3.0/i586/php-cgi-4.3.4-4.30.C30mdk.i586.rpm
f97c40bcbbff8baf4858b2021399f681 corporate/3.0/i586/php-cli-4.3.4-4.30.C30mdk.i586.rpm
ce14b49faa8a0e0e1f30446a9fd697dd corporate/3.0/i586/php-dba_bundle-4.3.4-1.1.C30mdk.i586.rpm
6dba56cf1716e33d1c672806b83a5c56 corporate/3.0/i586/php-gd-4.3.4-1.8.C30mdk.i586.rpm
6729a16844799b099c84a2ba1396dd47 corporate/3.0/SRPMS/php-4.3.4-4.30.C30mdk.src.rpm
512d01dbfe8ef3037ec2045746342840 corporate/3.0/SRPMS/php-dba_bundle-4.3.4-1.1.C30mdk.src.rpm
2d58a96f81c208cad9b65189156f92e0 corporate/3.0/SRPMS/php-gd-4.3.4-1.8.C30mdk.src.rpm

Corporate 3.0/X86_64:
a655f05bb696767a5c696b2b1e19b2af corporate/3.0/x86_64/lib64php_common432-4.3.4-4.30.C30mdk.x86_64.rpm
3314420b910822f2f44f096d57ae26ad corporate/3.0/x86_64/php432-devel-4.3.4-4.30.C30mdk.x86_64.rpm
49183f06afa423ba77d25f22cd14e665 corporate/3.0/x86_64/php-cgi-4.3.4-4.30.C30mdk.x86_64.rpm
7dd4d4d1f55102dc65f9a307cc2a567e corporate/3.0/x86_64/php-cli-4.3.4-4.30.C30mdk.x86_64.rpm
1383e2f9be11322cc66888d426e626cb corporate/3.0/x86_64/php-dba_bundle-4.3.4-1.1.C30mdk.x86_64.rpm
ee5a8f85e1746fd01fb98f8ae045bbff corporate/3.0/x86_64/php-gd-4.3.4-1.8.C30mdk.x86_64.rpm
6729a16844799b099c84a2ba1396dd47 corporate/3.0/SRPMS/php-4.3.4-4.30.C30mdk.src.rpm
512d01dbfe8ef3037ec2045746342840 corporate/3.0/SRPMS/php-dba_bundle-4.3.4-1.1.C30mdk.src.rpm
2d58a96f81c208cad9b65189156f92e0 corporate/3.0/SRPMS/php-gd-4.3.4-1.8.C30mdk.src.rpm

Corporate 4.0:
45f2d838136d3294f4e7596a1408dffb corporate/4.0/i586/libphp4_common4-4.4.4-1.12.20060mlcs4.i586.rpm
c463bf145de6bf1c1db9617a24c5990b corporate/4.0/i586/libphp5_common5-5.1.6-1.14.20060mlcs4.i586.rpm
914be4bcb8007085dce3aad3199886a8 corporate/4.0/i586/php4-cgi-4.4.4-1.12.20060mlcs4.i586.rpm
a79f33c63c659b8e19e3b53a3082586f corporate/4.0/i586/php4-cli-4.4.4-1.12.20060mlcs4.i586.rpm
1e0b3de1715819c4edb48335e88ca651 corporate/4.0/i586/php4-dba_bundle-4.4.4-1.1.20060mlcs4.i586.rpm
b6b729eafe1d4baa6112831a64a3b360 corporate/4.0/i586/php4-devel-4.4.4-1.12.20060mlcs4.i586.rpm
6b0b011b252fb1ceb8f441767d27f184 corporate/4.0/i586/php4-exif-4.4.4-1.2.20060mlcs4.i586.rpm
4b46d5f0527c24e44a9dbab9f5513a65 corporate/4.0/i586/php-cgi-5.1.6-1.14.20060mlcs4.i586.rpm
6984850d55cb492e6f0ee2d4f7655286 corporate/4.0/i586/php-cli-5.1.6-1.14.20060mlcs4.i586.rpm
683507d8d6498eb22acd4bf67c08f3e1 corporate/4.0/i586/php-dba-5.1.6-1.1.20060mlcs4.i586.rpm
0b9fe463ab494e9421f96d6124276fa6 corporate/4.0/i586/php-devel-5.1.6-1.14.20060mlcs4.i586.rpm
00ba586a8ac5786de8c2196ab85d8cec corporate/4.0/i586/php-exif-5.1.6-1.2.20060mlcs4.i586.rpm
5b0686519a27b7faa3ba549fbc6ddce4 corporate/4.0/i586/php-fcgi-5.1.6-1.14.20060mlcs4.i586.rpm
92c4a3461f37546cec2e0d203ee55c5f corporate/4.0/i586/php-gd-5.1.6-1.1.20060mlcs4.i586.rpm
000d8f8c7c014e06dc26aa0cb579c5d8 corporate/4.0/SRPMS/php4-4.4.4-1.12.20060mlcs4.src.rpm
26fb6c37afef6a5fcd5208bad2ebc553 corporate/4.0/SRPMS/php4-dba_bundle-4.4.4-1.1.20060mlcs4.src.rpm
1dd0142cab4710111ea4ba356632e4f4 corporate/4.0/SRPMS/php4-exif-4.4.4-1.2.20060mlcs4.src.rpm
800e3ef31cb6a98c3c7391b53c100d1a corporate/4.0/SRPMS/php-5.1.6-1.14.20060mlcs4.src.rpm
6e0180221caaa5f8fbaf72f269b0c1ff corporate/4.0/SRPMS/php-dba-5.1.6-1.1.20060mlcs4.src.rpm
3f84b5d0bd2e3ae9d8a6cc61ee842eba corporate/4.0/SRPMS/php-exif-5.1.6-1.2.20060mlcs4.src.rpm
fbc401dc2fbf97e849568d42f3a0907d corporate/4.0/SRPMS/php-gd-5.1.6-1.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
f4673f56052dc7eba2ef99ec1a087b90 corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.12.20060mlcs4.x86_64.rpm
a1d13abd89f308b9acd14d642fcdd4f2 corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.14.20060mlcs4.x86_64.rpm
95d1663b8cb815525ae40f3a1ef60cae corporate/4.0/x86_64/php4-cgi-4.4.4-1.12.20060mlcs4.x86_64.rpm
bd86092a42f161beaf8a29b8e5f7531e corporate/4.0/x86_64/php4-cli-4.4.4-1.12.20060mlcs4.x86_64.rpm
67bc38c3e38ef6541828706179a13f1e corporate/4.0/x86_64/php4-dba_bundle-4.4.4-1.1.20060mlcs4.x86_64.rpm
f4d2a49b4abefbc5d517aae7630345f9 corporate/4.0/x86_64/php4-devel-4.4.4-1.12.20060mlcs4.x86_64.rpm
547ed3d3a4cee4dc66da158241316b80 corporate/4.0/x86_64/php4-exif-4.4.4-1.2.20060mlcs4.x86_64.rpm
391646867948bc40505a7346b3214e1b corporate/4.0/x86_64/php-cgi-5.1.6-1.14.20060mlcs4.x86_64.rpm
a201cd45b38486f398081a1d16ac7d72 corporate/4.0/x86_64/php-cli-5.1.6-1.14.20060mlcs4.x86_64.rpm
a67a0a8ba90e41f18fd36bc1f05e3311 corporate/4.0/x86_64/php-dba-5.1.6-1.1.20060mlcs4.x86_64.rpm
a636fea041109d1d28c7323d4075179e corporate/4.0/x86_64/php-devel-5.1.6-1.14.20060mlcs4.x86_64.rpm
c02a5dda722f0d6fa7144feb8ba1ce50 corporate/4.0/x86_64/php-exif-5.1.6-1.2.20060mlcs4.x86_64.rpm
e50415f8780f27db1b68a10a6d372a6f corporate/4.0/x86_64/php-fcgi-5.1.6-1.14.20060mlcs4.x86_64.rpm
91fabbd879295321a4573cff179fec16 corporate/4.0/x86_64/php-gd-5.1.6-1.1.20060mlcs4.x86_64.rpm
000d8f8c7c014e06dc26aa0cb579c5d8 corporate/4.0/SRPMS/php4-4.4.4-1.12.20060mlcs4.src.rpm
26fb6c37afef6a5fcd5208bad2ebc553 corporate/4.0/SRPMS/php4-dba_bundle-4.4.4-1.1.20060mlcs4.src.rpm
1dd0142cab4710111ea4ba356632e4f4 corporate/4.0/SRPMS/php4-exif-4.4.4-1.2.20060mlcs4.src.rpm
800e3ef31cb6a98c3c7391b53c100d1a corporate/4.0/SRPMS/php-5.1.6-1.14.20060mlcs4.src.rpm
6e0180221caaa5f8fbaf72f269b0c1ff corporate/4.0/SRPMS/php-dba-5.1.6-1.1.20060mlcs4.src.rpm
3f84b5d0bd2e3ae9d8a6cc61ee842eba corporate/4.0/SRPMS/php-exif-5.1.6-1.2.20060mlcs4.src.rpm
fbc401dc2fbf97e849568d42f3a0907d corporate/4.0/SRPMS/php-gd-5.1.6-1.1.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
b4c61a34209cb2665757431b76c29618 mnf/2.0/i586/libphp_common432-4.3.4-4.30.C30mdk.i586.rpm
6a46ca28a0edfa8d4de397ea468c6b7e mnf/2.0/i586/php432-devel-4.3.4-4.30.C30mdk.i586.rpm
aeedd733f5d44af49cf0fbd5260833c4 mnf/2.0/i586/php-cgi-4.3.4-4.30.C30mdk.i586.rpm
5fba6d630664beaaebf243da3fb4d287 mnf/2.0/i586/php-cli-4.3.4-4.30.C30mdk.i586.rpm
d18c9980d35f042f8aaf663fe2e2942d mnf/2.0/i586/php-gd-4.3.4-1.8.C30mdk.i586.rpm
0dd3ff93902b0f993a5e767cc50e017b mnf/2.0/SRPMS/php-4.3.4-4.30.C30mdk.src.rpm
a86659f66c2327f54c921ffccfc589cd mnf/2.0/SRPMS/php-gd-4.3.4-1.8.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKvOH8mqjQ0CJFipgRApIHAKDVI9Jw2rVhzWDAy60BrWFosZuCowCgpWhL
xPcS4xN6XLqETihUeqBrkFo=
=D0DO
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    2 Files
  • 13
    Jun 13th
    1 Files
  • 14
    Jun 14th
    32 Files
  • 15
    Jun 15th
    34 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close