Rapid7 Vulnerability & Exploit Database

RHSA-2010:0040: php security update

Back to Search

RHSA-2010:0040: php security update

Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
10/19/2009
Created
07/25/2018
Added
01/27/2010
Modified
07/04/2017

Description

PHP is an HTML-embedded scripting language commonly used with the ApacheHTTP Web server.Multiple missing input sanitization flaws were discovered in PHP's exifextension. A specially-crafted image file could cause the PHP interpreterto crash or, possibly, disclose portions of its memory when a PHP scripttried to extract Exchangeable image file format (Exif) metadata from theimage file. (CVE-2009-2687, CVE-2009-3292)A missing input sanitization flaw, leading to a buffer overflow, wasdiscovered in PHP's gd library. A specially-crafted GD image file couldcause the PHP interpreter to crash or, possibly, execute arbitrary codewhen opened. (CVE-2009-3546)It was discovered that PHP did not limit the maximum number of files thatcan be uploaded in one request. A remote attacker could use this flaw toinstigate a denial of service by causing the PHP interpreter to use lots ofsystem resources dealing with requests containing large amounts of files tobe uploaded. This vulnerability depends on file uploads being enabled(which it is, in the default PHP configuration). (CVE-2009-4017)Note: This update introduces a new configuration option, max_file_uploads,used for limiting the number of files that can be uploaded in one request.By default, the limit is 20 files per request.It was discovered that PHP was affected by the previously published "nullprefix attack", caused by incorrect handling of NUL characters in X.509certificates. If an attacker is able to get a carefully-crafted certificatesigned by a trusted Certificate Authority, the attacker could use thecertificate during a man-in-the-middle attack and potentially confuse PHPinto accepting it by mistake. (CVE-2009-3291)It was discovered that PHP's htmlspecialchars() function did not properlyrecognize partial multi-byte sequences for some multi-byte encodings,sending them to output without them being escaped. An attacker could usethis flaw to perform a cross-site scripting attack. (CVE-2009-4142)All php users should upgrade to these updated packages, which containbackported patches to resolve these issues. After installing the updatedpackages, the httpd daemon must be restarted for the update to take effect.

Solution(s)

  • redhat-upgrade-php
  • redhat-upgrade-php-bcmath
  • redhat-upgrade-php-cli
  • redhat-upgrade-php-common
  • redhat-upgrade-php-dba
  • redhat-upgrade-php-devel
  • redhat-upgrade-php-domxml
  • redhat-upgrade-php-gd
  • redhat-upgrade-php-imap
  • redhat-upgrade-php-ldap
  • redhat-upgrade-php-mbstring
  • redhat-upgrade-php-mysql
  • redhat-upgrade-php-ncurses
  • redhat-upgrade-php-odbc
  • redhat-upgrade-php-pdo
  • redhat-upgrade-php-pear
  • redhat-upgrade-php-pgsql
  • redhat-upgrade-php-snmp
  • redhat-upgrade-php-soap
  • redhat-upgrade-php-xml
  • redhat-upgrade-php-xmlrpc

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;