Rapid7 Vulnerability & Exploit Database

RHSA-2010:0919: php security update




PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

An input validation flaw was discovered in the PHP session serializer. If a PHP script generated session variable names from untrusted user input, a remote attacker could use this flaw to inject an arbitrary variable into the PHP session. (CVE-2010-3065)

An information leak flaw was discovered in the PHP var_export() function implementation. If some fatal error occurred during the execution of this function (such as the exhaustion of memory or script execution time limit), part of the function's output was sent to the user as script output, possibly leading to the disclosure of sensitive information. (CVE-2010-2531)

A numeric truncation error and an input validation flaw were found in the way the PHP utf8_decode() function decoded partial multi-byte sequences for some multi-byte encodings, sending them to output without them being escaped. An attacker could use these flaws to perform a cross-site scripting attack. (CVE-2009-5016, CVE-2010-3870)

It was discovered that the PHP lcg_value() function used insufficient entropy to seed the pseudo-random number generator. A remote attacker could possibly use this flaw to predict values returned by the function, which are used to generate session identifiers by default. This update changes the function's implementation to use more entropy during seeding. (CVE-2010-1128)

It was discovered that the PHP fnmatch() function did not restrict the length of the pattern argument. A remote attacker could use this flaw to crash the PHP interpreter where a script used fnmatch() on untrusted matching patterns. (CVE-2010-1917)

A NULL pointer dereference flaw was discovered in the PHP XML-RPC extension. A malicious XML-RPC client or server could use this flaw to crash the PHP interpreter via a specially-crafted XML-RPC request. (CVE-2010-0397)

All php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
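As an added illustration (not code from the advisory, from Red Hat or from PHP itself) of the script-level mitigation that complements the upgrade for the session serializer issue: a session variable name derived from untrusted input is checked against a strict identifier allowlist before it is used as a key, so nothing the serializer treats specially can be injected through a name. The helper names and the request parameter are assumptions for this example.

```php
<?php
// Added example: only plain identifiers may become session variable names.
// Function names and the request parameter are assumptions for this example.

function safe_session_key($name)
{
    // Letters, digits and underscore only; must not start with a digit;
    // length capped so oversized keys are rejected as well.
    if (!is_string($name) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]{0,63}$/', $name)) {
        throw new InvalidArgumentException('Rejected session variable name');
    }
    return $name;
}

// Pattern the advisory warns about: the key comes straight from the request.
function store_unchecked(array &$session, $name, $value)
{
    $session[$name] = $value;
}

// Hardened pattern: the key is validated before it reaches the session.
function store_checked(array &$session, $name, $value)
{
    $session[safe_session_key($name)] = $value;
}

// Constructed inputs standing in for $_GET['pref'] and for $_SESSION.
$session = array();
foreach (array('theme', 'theme;x', '9lives', 'a b', str_repeat('k', 70)) as $name) {
    try {
        store_checked($session, $name, 'dark');
        echo "accepted: $name\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: $name\n";
    }
}
```

Only `theme` is accepted; every other constructed name is rejected before it can become a session key.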


  • redhat-upgrade-php
  • redhat-upgrade-php-bcmath
  • redhat-upgrade-php-cli
  • redhat-upgrade-php-common
  • redhat-upgrade-php-dba
  • redhat-upgrade-php-devel
  • redhat-upgrade-php-domxml
  • redhat-upgrade-php-gd
  • redhat-upgrade-php-imap
  • redhat-upgrade-php-ldap
  • redhat-upgrade-php-mbstring
  • redhat-upgrade-php-mysql
  • redhat-upgrade-php-ncurses
  • redhat-upgrade-php-odbc
  • redhat-upgrade-php-pdo
  • redhat-upgrade-php-pear
  • redhat-upgrade-php-pgsql
  • redhat-upgrade-php-snmp
  • redhat-upgrade-php-soap
  • redhat-upgrade-php-xml
  • redhat-upgrade-php-xmlrpc
