[pLog-svn] Debian security status of orange.limedaley.com (fwd)

Jon Daley plogworld at jon.limedaley.com
Wed Apr 12 09:45:41 GMT 2006


Four unfixed bugs in both php4 and php5, reported recently.
Thought you all might be interested.


CVE-2006-0996 Cross-site scripting (XSS) vulnerability in phpinfo...
   <http://idssi.enyo.de/tracker/CVE-2006-0996>
   - php4-pgsql, php4-gd, php4-cgi, php4-common, php4-mysql, php4-curl,
     php4-cli, libapache2-mod-php4, php4
Bad one - remove any public phpinfo() pages from PHP4 and PHP5 to be 
completely safe.  HTML can be injected into the page.

CVE-2006-1494 Directory traversal vulnerability in file.c in PHP...
   <http://idssi.enyo.de/tracker/CVE-2006-1494>
   - php4-pgsql, php4-gd, php4-cgi, php4-common, php4-mysql, php4-curl,
     php4-cli, libapache2-mod-php4, php4
Safe_mode restriction is bypassable.  Only a concern if you use safe mode 
and have malicious users.  If you do, any user can write to files with the 
permissions of the web user anywhere on the system.

CVE-2006-1549 function *() php/apache Crash
   <http://idssi.enyo.de/tracker/CVE-2006-1549>
   - php4-pgsql, php4-gd, php4-cgi, php4-common, php4-mysql, php4-curl,
     php4-cli, libapache2-mod-php4, php4
If you write a recursive function, i.e.:
function asd() { asd(); }
it will segfault.  I think this isn't a problem for php running as a cgi 
(though I will have to test it), but only if you are running php as a 
module.

CVE-2006-1608 The copy function in file.c in PHP 4.4.2 and 5.1.2...
   <http://idssi.enyo.de/tracker/CVE-2006-1608>
   - php4-pgsql, php4-gd, php4-cgi, php4-common, php4-mysql, php4-curl,
     php4-cli, libapache2-mod-php4, php4
Same problem as the directory traversal bug.
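
For the phpinfo() item (CVE-2006-0996), an added example that is not part of the original message: a Python audit script that walks a web root and lists the scripts containing a live phpinfo() call, so they can be found and removed. The matching is a heuristic (heredocs are not handled), and the extension list and sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# One pass: skip inline HTML, comments and strings; report remaining phpinfo( calls.
_TOKEN = re.compile(
    r"""(?P<skip>
          \?>.*?(?:<\?(?:php|=)?|\Z)        # HTML from ?> to the next open tag
        | /\*.*?\*/                         # block comment
        | (?://|\#)(?:(?!\?>)[^\n])*        # line comment, which also ends at ?>
        | '(?:\\.|[^'\\])*'                 # single-quoted string
        | "(?:\\.|[^"\\])*"                 # double-quoted string
        )
      | (?P<call>(?<![\w$>:])phpinfo\s*\()  # excludes $f(), ->m(), ::m(), my_phpinfo()
    """,
    re.S | re.I | re.X,  # PHP function names are case-insensitive
)

def find_phpinfo_calls(source):
    """Return the 1-based line numbers of live phpinfo() calls in one file."""
    text = "?>" + source  # a PHP file starts in HTML mode until the first <? tag
    return [text.count("\n", 0, m.start()) + 1
            for m in _TOKEN.finditer(text) if m.group("call")]

def scan_docroot(docroot, exts=(".php", ".php4", ".php5", ".phtml", ".inc")):
    """Map each script under docroot (relative path) to its phpinfo() lines."""
    hits = {}
    for path in sorted(Path(docroot).rglob("*")):
        if path.is_file() and path.suffix.lower() in exts:
            lines = find_phpinfo_calls(path.read_text(encoding="latin-1"))
            if lines:
                hits[path.relative_to(docroot).as_posix()] = lines
    return hits

# Constructed sample files (not from the original message).
SAMPLES = {
    "info.php": "<?php\nphpinfo();\n",
    "admin/test.PHP": "<?php\n$u = 'http://example.test/'; PHPInfo (INFO_ALL);\n",
    "status.phtml": "<p>don't call phpinfo()</p>\n<?php phpinfo(); ?>\n",
    "index.php": "<?php\n// phpinfo();\n/* phpinfo(); */\necho 'phpinfo()'; $o->phpinfo();\n",
}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLES.items():
            (Path(root) / rel).parent.mkdir(parents=True, exist_ok=True)
            (Path(root) / rel).write_text(body)
        print(scan_docroot(root))
```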

