Rapid7 Vulnerability & Exploit Database

CESA-2007:0890: php security update

Back to Search

CESA-2007:0890: php security update

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
09/04/2007
Created
07/25/2018
Added
03/12/2010
Modified
07/04/2017

Description

Updated PHP packages that fix several security issues are now available for CentOS Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. Various integer overflow flaws were found in the PHP gd extension. A script that could be forced to resize images from an untrusted source could possibly allow a remote attacker to execute arbitrary code as the apache user. (CVE-2007-3996) An integer overflow flaw was found in the PHP chunk_split function. If a remote attacker was able to pass arbitrary data to the third argument of chunk_split they could possibly execute arbitrary code as the apache user. Note that it is unusual for a PHP script to use the chunk_script function with a user-supplied third argument. (CVE-2007-2872) A previous security update introduced a bug into PHP session cookie handling. This could allow an attacker to stop a victim from viewing a vulnerable web site if the victim has first visited a malicious web page under the control of the attacker, and that page can set a cookie for the vulnerable web site. (CVE-2007-4670) A flaw was found in the PHP money_format function. If a remote attacker was able to pass arbitrary data to the money_format function this could possibly result in an information leak or denial of service. Note that is is unusual for a PHP script to pass user-supplied data to the money_format function. (CVE-2007-4658) A flaw was found in the PHP wordwrap function. If a remote attacker was able to pass arbitrary data to the wordwrap function this could possibly result in a denial of service. (CVE-2007-3998) A bug was found in PHP session cookie handling. This could allow an attacker to create a cross-site cookie insertion attack if a victim follows an untrusted carefully-crafted URL. (CVE-2007-3799) An infinite-loop flaw was discovered in the PHP gd extension. A script that could be forced to process PNG images from an untrusted source could allow a remote attacker to cause a denial of service. (CVE-2007-2756) Users of PHP should upgrade to these updated packages, which contain backported patches to correct these issues.

Solution(s)

  • centos-upgrade-php
  • centos-upgrade-php-bcmath
  • centos-upgrade-php-cli
  • centos-upgrade-php-common
  • centos-upgrade-php-dba
  • centos-upgrade-php-devel
  • centos-upgrade-php-domxml
  • centos-upgrade-php-gd
  • centos-upgrade-php-imap
  • centos-upgrade-php-ldap
  • centos-upgrade-php-mbstring
  • centos-upgrade-php-mysql
  • centos-upgrade-php-ncurses
  • centos-upgrade-php-odbc
  • centos-upgrade-php-pdo
  • centos-upgrade-php-pear
  • centos-upgrade-php-pgsql
  • centos-upgrade-php-snmp
  • centos-upgrade-php-soap
  • centos-upgrade-php-xml
  • centos-upgrade-php-xmlrpc

References

  • centos-upgrade-php
  • centos-upgrade-php-bcmath
  • centos-upgrade-php-cli
  • centos-upgrade-php-common
  • centos-upgrade-php-dba
  • centos-upgrade-php-devel
  • centos-upgrade-php-domxml
  • centos-upgrade-php-gd
  • centos-upgrade-php-imap
  • centos-upgrade-php-ldap
  • centos-upgrade-php-mbstring
  • centos-upgrade-php-mysql
  • centos-upgrade-php-ncurses
  • centos-upgrade-php-odbc
  • centos-upgrade-php-pdo
  • centos-upgrade-php-pear
  • centos-upgrade-php-pgsql
  • centos-upgrade-php-snmp
  • centos-upgrade-php-soap
  • centos-upgrade-php-xml
  • centos-upgrade-php-xmlrpc

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;