
Bugtraq mailing list archives


Security Update: [CSSA-2002-023.0] Linux: PHP multipart/form-data vulnerabilities


From: security () caldera com
Date: Fri, 17 May 2002 11:20:54 -0700

To: bugtraq () securityfocus com announce () lists caldera com security-alerts () linuxsecurity com

______________________________________________________________________________

                Caldera International, Inc.  Security Advisory

Subject:                Linux: PHP multipart/form-data vulnerabilities
Advisory number:        CSSA-2002-023.0
Issue date:             2002 May 16
Cross reference:
______________________________________________________________________________

1. Problem Description

        Several flaws have been found in the way PHP handles
        multipart/form-data POST requests. Each of the flaws could allow
        an attacker to execute arbitrary code on the victim's system.

2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------
        OpenLinux 3.1.1 Server          prior to php-4.0.6-3.2.i386.rpm
                                        prior to php-doc-4.0.6-3.2.i386.rpm

        OpenLinux 3.1.1 Workstation     prior to php-4.0.6-3.2.i386.rpm
                                        prior to php-doc-4.0.6-3.2.i386.rpm

        OpenLinux 3.1 Server            prior to php-4.0.6-3.2.i386.rpm
                                        prior to php-doc-4.0.6-3.2.i386.rpm

        OpenLinux 3.1 Workstation       prior to php-4.0.6-3.2.i386.rpm
                                        prior to php-doc-4.0.6-3.2.i386.rpm

3. Solution

        The proper solution is to install the latest packages.

4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

        4.2 Packages

        1bbbc55e7dfd717f02b3668c57891edf        php-4.0.6-3.2.i386.rpm
        20c0812616f3df9c48078134c7e7fac6        php-doc-4.0.6-3.2.i386.rpm

        4.3 Installation

        rpm -Fvh php-4.0.6-3.2.i386.rpm
        rpm -Fvh php-doc-4.0.6-3.2.i386.rpm

        4.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

        4.5 Source Packages

        d17abc8b13cc6074475c2eb4d5cda6e1        php-4.0.6-3.2.src.rpm

5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

        5.2 Packages

        476c985cfab14a44ec3b5b1878900277        php-4.0.6-3.2.i386.rpm
        e2434fec5c6fb8b877e35dcceb85c44b        php-doc-4.0.6-3.2.i386.rpm

        5.3 Installation

        rpm -Fvh php-4.0.6-3.2.i386.rpm
        rpm -Fvh php-doc-4.0.6-3.2.i386.rpm

        5.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

        5.5 Source Packages

        e51125ee2a73855bf6adf0cdd38baadc        php-4.0.6-3.2.src.rpm

6. OpenLinux 3.1 Server

        6.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

        6.2 Packages

        6714aca296f79646b5e3a1875481dfd5        php-4.0.6-3.2.i386.rpm
        fdf7024cc7dde4b3131362080d48c1a3        php-doc-4.0.6-3.2.i386.rpm

        6.3 Installation

        rpm -Fvh php-4.0.6-3.2.i386.rpm
        rpm -Fvh php-doc-4.0.6-3.2.i386.rpm

        6.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

        6.5 Source Packages

        12e7a38c6fecfd011fe244816b6200f7        php-4.0.6-3.2.src.rpm

7. OpenLinux 3.1 Workstation

        7.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

        7.2 Packages

        22ab000e77e3b7cfb320a0bd276f36b8        php-4.0.6-3.2.i386.rpm
        520590022934e36c5d4695adb8296f64        php-doc-4.0.6-3.2.i386.rpm

        7.3 Installation

        rpm -Fvh php-4.0.6-3.2.i386.rpm
        rpm -Fvh php-doc-4.0.6-3.2.i386.rpm

        7.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

        7.5 Source Packages

        f3b5da8a31e6e557a84c634328564285        php-4.0.6-3.2.src.rpm

8. References

        Specific references for this advisory:

                http://security.e-matters.de/advisories/012002.html
                http://www.kb.cert.org/vuls/id/297363
                http://bugs.php.net/bug.php?id=15736

        Caldera OpenLinux security resources:

                http://www.caldera.com/support/security/index.html

        Caldera UNIX security resources:

                http://stage.caldera.com/support/security/

        This security fix closes Caldera incidents sr861013, fz520246,
        erg711976 and erg711968.

9. Disclaimer

        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on this website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera products.

10. Acknowledgements

        Stefan Esser (s.esser () e-matters de) reported these
        vulnerabilities.

______________________________________________________________________________
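Added example, not part of the Caldera advisory: a shell sketch that checks downloaded packages against the MD5 values the advisory lists before running the `rpm -Fvh` step. The checksums and file names are copied from section 4.2 (OpenLinux 3.1.1 Server); the function names are hypothetical, and `md5sum` is assumed to be installed.

```shell
#!/bin/sh
# Added example: verify advisory MD5 sums before running `rpm -Fvh`.
# Checksums and file names come from section 4.2 of the advisory
# (OpenLinux 3.1.1 Server); swap in the list for your own system.
# Function names are hypothetical.

ADVISORY_SUMS='1bbbc55e7dfd717f02b3668c57891edf  php-4.0.6-3.2.i386.rpm
20c0812616f3df9c48078134c7e7fac6  php-doc-4.0.6-3.2.i386.rpm'

# verify_md5 FILE EXPECTED -> 0 if FILE exists and its MD5 equals EXPECTED
verify_md5() {
    [ -f "$1" ] || return 2
    actual=$(md5sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# verify_set DIR SUMS -> 0 only if every file listed in SUMS matches in DIR
verify_set() {
    dir=$1
    rc=0
    while read -r sum name; do
        [ -n "$sum" ] || continue
        if verify_md5 "$dir/$name" "$sum"; then
            echo "OK       $name"
        else
            echo "MISMATCH $name" >&2   # missing file or wrong checksum
            rc=1
        fi
    done <<EOF
$2
EOF
    return $rc
}

# install_verified DIR: freshen the packages only if the whole set verifies
install_verified() {
    verify_set "$1" "$ADVISORY_SUMS" || { echo "refusing to install" >&2; return 1; }
    for f in php-4.0.6-3.2.i386.rpm php-doc-4.0.6-3.2.i386.rpm; do
        rpm -Fvh "$1/$f" || return 1
    done
}
```

Source the file and call `install_verified /path/to/downloaded/rpms` as root. A mismatch on any package stops the run before `rpm` is invoked.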
