Rapid7 Vulnerability & Exploit Database

RHSA-2008:0544: php security update


Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 05/05/2008
Created: 07/25/2018
Added: 07/16/2008
Modified: 07/04/2017

Description

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051)

PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. Depending on the browser being used, an attacker could use this flaw to conduct cross-site scripting attacks. (CVE-2007-5898)

A PHP script which used the transparent session ID configuration option, or which used the output_add_rewrite_var() function, could leak session identifiers to external web sites. If a page included an HTML form with an ACTION attribute referencing a non-local URL, the user's session ID would be included in the form data passed to that URL. (CVE-2007-5899)

It was discovered that PHP fnmatch() function did not restrict the length of the string argument. An attacker could use this flaw to crash the PHP interpreter where a script used fnmatch() on untrusted input data. (CVE-2007-4782)

It was discovered that PHP did not properly seed its pseudo-random number generator used by functions such as rand() and mt_rand(), possibly allowing an attacker to easily predict the generated pseudo-random values. (CVE-2008-2107, CVE-2008-2108)

Users of PHP should upgrade to these updated packages, which contain backported patches to correct these issues.

Solution(s)

  • redhat-upgrade-php
  • redhat-upgrade-php-bcmath
  • redhat-upgrade-php-cli
  • redhat-upgrade-php-common
  • redhat-upgrade-php-dba
  • redhat-upgrade-php-devel
  • redhat-upgrade-php-gd
  • redhat-upgrade-php-imap
  • redhat-upgrade-php-ldap
  • redhat-upgrade-php-mbstring
  • redhat-upgrade-php-mysql
  • redhat-upgrade-php-ncurses
  • redhat-upgrade-php-odbc
  • redhat-upgrade-php-pdo
  • redhat-upgrade-php-pgsql
  • redhat-upgrade-php-snmp
  • redhat-upgrade-php-soap
  • redhat-upgrade-php-xml
  • redhat-upgrade-php-xmlrpc
