(Red Hat Issues Fix for Stronghold) PHP Input Validation Hole Permits Cross-Site Scripting Attacks and Other Bugs Have Unspecified Impact
|
|
SecurityTracker Alert ID: 1017364 |
|
SecurityTracker URL: http://securitytracker.com/id/1017364
|
|
CVE Reference:
CVE-2006-3016, CVE-2006-3017, CVE-2006-3018
(Links to External Site)
|
Date: Dec 11 2006
|
Impact:
Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
Several vulnerabilities were reported in PHP. A remote user can conduct cross-site scripting attacks. Other security related flaws were reported but the impact was not specified. Stronghold is affected.
The phpinfo() function does not properly filter HTML code from user-supplied input before displaying the input. For scripts that invoke phpinfo(), a user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Php software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
A user may be able to trigger a buffer overflow in the wordwrap() function. The impact was not specified.
A user may be able to trigger a heap corruption within the session extension. The impact was not specified.
A user may be able to cause a variable to persist after the unset() function is called. The impact was not specified.
|
Impact:
In some cases, a user can access the target user's cookies (including authentication cookies), if any, associated with the site running the PHP software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
The specific impact depends on the applications that use PHP.
The impact of the other vulnerabilities was not disclosed.
|
Solution:
Red Hat has issued a fix for Stronghold, which is affected by this PHP vulnerability.
SRPMS:
stronghold-php-4.1.2-11.src.rpm 0547c97d909dcaff9e934027534d398c
IA-32:
stronghold-php-4.1.2-11.i386.rpm 2760105ec84fe473228bab8ed2ad7e8a
stronghold-php-devel-4.1.2-11.i386.rpm 8bb06a430614ebfbee1ec915fbf65344
stronghold-php-imap-4.1.2-11.i386.rpm fb9b6438ebc41645a28e8f536084e21f
stronghold-php-ldap-4.1.2-11.i386.rpm 06eefc1e1a22d0b8e54d1dc26c843660
stronghold-php-manual-4.1.2-11.i386.rpm b8c3c5bbe87e737aa0dcc67f56f75307
stronghold-php-mysql-4.1.2-11.i386.rpm ba5f1d0eb173a5273d34c022d16ed6f9
stronghold-php-odbc-4.1.2-11.i386.rpm 02ee1581128408ee4a286cc3bb83a48d
stronghold-php-pgsql-4.1.2-11.i386.rpm 5e7bf9c969b596cd51e71fc0b3424115
stronghold-php-snmp-4.1.2-11.i386.rpm fe4e64dd3f415fbda35edff97dc35e37
The Red Hat advisory is available at:
http://rhn.redhat.com/errata/RHSA-2006-0736.html
|
Cause:
Boundary error, Input validation error
|
Underlying OS:
Linux (Red Hat Enterprise)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Mon, 11 Dec 2006 08:47:49 -0500
Subject: php security update for Stronghold
|
http://rhn.redhat.com/errata/RHSA-2006-0736.html
CVE-2006-3016
CVE-2006-4020
CVE-2006-5465
|
|
