Rapid7 Vulnerability & Exploit Database

RHSA-2003:159: New PHP packages fix vulnerabilities



Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 06/30/2001
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

Updated PHP packages are available for Red Hat Linux on IBM iSeries and pSeries systems.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP server.

The mail() function in PHP 4.x through 4.2.2 may allow local script authors to bypass safe mode restrictions and modify the command line arguments passed to the MTA (such as Sendmail). Specifically, the fifth argument to mail() can be altered, changing the MTA's behaviour and possibly allowing execution of arbitrary local commands.

The mail() function in PHP 4.x through 4.2.2 also does not filter ASCII control characters from its arguments. A remote attacker who controls any of those arguments can inject carriage returns and line feeds to modify the message content, including the mail headers, and possibly use PHP as a "spam proxy". Script authors should check all input for unsafe data before passing it to functions such as mail().

PHP versions 4.0.5 through 4.1.0 in safe mode do not properly cleanse the fifth parameter to mail(). This allows local users, and possibly remote attackers, to execute arbitrary commands via shell metacharacters.

Note that this PHP errata enforces a limit on the memory a PHP process may use, so that a badly written script cannot become a source of denial of service. The default limit is 8MB; adjust it as necessary through the php.ini directive memory_limit. For example, to change the limit to 4MB, add the following line to php.ini:

memory_limit = 4194304

Important note: your original /etc/php.ini configuration file is not replaced or overwritten. Therefore, you should carefully review your configuration file and adapt it as necessary to your server or service functions.
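The two mail() issues described above, as an added example that is not part of the advisory or of PHP's own code: a contact-form handler in its vulnerable form beside a hardened one. The function names, the example.invalid addresses and the $post fields are assumptions made for this illustration; it assumes PHP 7 or later and a local MTA for mail() to hand the message to.

```php
<?php
// Added example, not code from the advisory or from PHP itself.
// A contact-form handler that forwards user-supplied fields to mail().
// Names (send_contact_unsafe, send_contact_safe, has_control_chars) and the
// example.invalid addresses are assumptions made for this illustration.

// --- Vulnerable form: user input reaches the headers and the 5th argument unchecked ---
function send_contact_unsafe(array $post): bool
{
    // A CR/LF inside $post['email'] ends the From: line and lets the sender
    // append headers such as Bcc:, turning the script into a spam proxy.
    $headers = "From: " . $post['email'] . "\r\n";
    // The 5th argument is appended to the MTA command line; on the affected
    // PHP versions, shell metacharacters here can run local commands.
    $extra = "-f" . $post['email'];
    return mail("support@example.invalid", $post['subject'], $post['message'], $headers, $extra);
}

// --- Hardened form ---
function has_control_chars(string $value): bool
{
    // Any ASCII control character (NUL..0x1F, DEL) in a single-line header
    // field is a header-injection attempt; the whole request is rejected.
    return preg_match('/[\x00-\x1F\x7F]/', $value) === 1;
}

function send_contact_safe(array $post): bool
{
    $email   = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $subject = $post['subject'] ?? '';
    if ($email === false || has_control_chars($email) || has_control_chars($subject)) {
        return false;
    }
    // The From: header is fixed; the validated address only goes into Reply-To.
    $headers = "From: noreply@example.invalid\r\nReply-To: " . $email . "\r\n";
    // The envelope sender (5th argument) is a constant. It is never built from
    // request data: the MTA command line is not a place for user input.
    $extra = "-fnoreply@example.invalid";
    return mail("support@example.invalid", $subject, $post['message'] ?? '', $headers, $extra);
}

// Constructed requests for illustration: the first carries an injected Bcc:
// header, the second is benign.
$attack = [
    'email'   => "victim@example.invalid\r\nBcc: spam1@example.invalid, spam2@example.invalid",
    'subject' => "hello",
    'message' => "buy now",
];
$benign = ['email' => "alice@example.invalid", 'subject' => "Question", 'message' => "Hi"];

// The injected header never reaches mail(): validation fails before the call.
send_contact_safe($attack);
// The benign request is handed to the local MTA, if one is configured.
send_contact_safe($benign);
```

The validation is an allowlist on the address (FILTER_VALIDATE_EMAIL) plus a denylist on control characters for every field that becomes part of a header; the message body is the only field where line breaks are legitimate, which is why it is not checked. Nothing request-derived is ever placed in the fifth argument, which sidesteps the command-line issue entirely rather than trying to escape it.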

Solution(s)

  • redhat-upgrade-php
  • redhat-upgrade-php-devel
  • redhat-upgrade-php-imap
  • redhat-upgrade-php-ldap
  • redhat-upgrade-php-manual
  • redhat-upgrade-php-mysql
  • redhat-upgrade-php-odbc
  • redhat-upgrade-php-pgsql
  • redhat-upgrade-php-snmp
