Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Security Update: [CSSA-2003-008.0] Linux: php bypass safe_mode and injected control chars vulnerabilities

From: security () caldera com
Date: Tue, 4 Mar 2003 14:01:11 -0800
To: bugtraq () securityfocus com announce () lists caldera com security-alerts () linuxsecurity com full-disclosure () 
lists netsys com

______________________________________________________________________________

                        SCO Security Advisory

Subject:                Linux: php bypass safe_mode and injected control chars vulnerabilities
Advisory number:        CSSA-2003-008.0
Issue date:             2003 March 04
Cross reference:
______________________________________________________________________________


1. Problem Description

        Two vulnerabilities exists in the mail() PHP function. The
        first one allows execution of any program/script, bypassing the
        safe_mode restriction. The second one may allow an open-relay
        if the mail() function is not carefully used in PHP scripts.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------

        OpenLinux 3.1.1 Server          prior to php-4.0.6-4.i386.rpm
                                        prior to php-doc-4.0.6-4.i386.rpm

        OpenLinux 3.1.1 Workstation     prior to php-4.0.6-4.i386.rpm
                                        prior to php-doc-4.0.6-4.i386.rpm

        OpenLinux 3.1 Server            prior to php-4.0.6-4.i386.rpm
                                        prior to php-doc-4.0.6-4.i386.rpm

        OpenLinux 3.1 Workstation       prior to php-4.0.6-4.i386.rpm
                                        prior to php-doc-4.0.6-4.i386.rpm


3. Solution

        The proper solution is to install the latest packages. Many
        customers find it easier to use the Caldera System Updater, called
        cupdate (or kcupdate under the KDE environment), to update these
        packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-008.0/RPMS

        4.2 Packages

        3305349cfaa56ff000040fbd46aad75c        php-4.0.6-4.i386.rpm
        59fa343b3e83a7957e98c719db572a5d        php-doc-4.0.6-4.i386.rpm

        4.3 Installation

        rpm -Fvh php-4.0.6-4.i386.rpm
        rpm -Fvh php-doc-4.0.6-4.i386.rpm

        4.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-008.0/SRPMS

        4.5 Source Packages

        729a94e120ea86a4c09acd270709bd47        php-4.0.6-4.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-008.0/RPMS

        5.2 Packages

        c64b972a1e97c18636bbe9767c69c542        php-4.0.6-4.i386.rpm
        b84a833bc7ff1b9c1938e316c59cb0e8        php-doc-4.0.6-4.i386.rpm

        5.3 Installation

        rpm -Fvh php-4.0.6-4.i386.rpm
        rpm -Fvh php-doc-4.0.6-4.i386.rpm

        5.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-008.0/SRPMS

        5.5 Source Packages

        80c8ef35bb4416a3799035de440150ae        php-4.0.6-4.src.rpm


6. OpenLinux 3.1 Server

        6.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-008.0/RPMS

        6.2 Packages

        9dfabdbf0ed7587128a549d49f0b159f        php-4.0.6-4.i386.rpm
        afbb47367cbcd3494745f18645c679e9        php-doc-4.0.6-4.i386.rpm

        6.3 Installation

        rpm -Fvh php-4.0.6-4.i386.rpm
        rpm -Fvh php-doc-4.0.6-4.i386.rpm

        6.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-008.0/SRPMS

        6.5 Source Packages

        3702bf59800706ff708a2334b4633aad        php-4.0.6-4.src.rpm


7. OpenLinux 3.1 Workstation

        7.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-008.0/RPMS

        7.2 Packages

        83903709a1609108661fff65a58b439f        php-4.0.6-4.i386.rpm
        490332531b9d84e2216313fd0b3c8e28        php-doc-4.0.6-4.i386.rpm

        7.3 Installation

        rpm -Fvh php-4.0.6-4.i386.rpm
        rpm -Fvh php-doc-4.0.6-4.i386.rpm

        7.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-008.0/SRPMS

        7.5 Source Packages

        243e3ed64dc55a019832710583ff461f        php-4.0.6-4.src.rpm


8. References

        Specific references for this advisory:

                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0986
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0985

        SCO security resources:

                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr868616, fz525966,
        erg712114.


9. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.


10. Acknowledgements

        Wojciech Purczynski <cliph () isec pl> discovered and investigated
        these vulnerabilities.

______________________________________________________________________________

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: