Secunia Logo  


Secunia PSI WorldMap
 
PHP Multiple Vulnerabilities
Secunia Advisory: SA28318
Release Date: 2008-01-03
Last Update: 2008-02-04
Popularity: 9,638 views

Critical:
Moderately critical
Impact: Unknown
Security Bypass
Where: From remote
Solution Status: Vendor Patch

Software:PHP 4.4.x

Secunia CVSS-2 Score: Available in Secunia business solutions

Subscribe: Instant alerts on relevant vulnerabilities


Advisory Content (Page 1 of 3)[ 1 ] [ 2 ] [ 3 ]

Description:
Some vulnerabilities have been reported in PHP, where some have unknown impact and others can be exploited by malicious users to bypass certain security restrictions.

1) An integer overflow error exists in the "chunk_split()" function.

This may be related to vulnerability #1 in:
SA25456

2) Integer overflow errors exists in the "strcspn()" and "strspn()" functions.

3) A regression error related to the "glob()" function exist, which can potentially be exploited to bypass the "open_basedir" directive.

4) An error exists within the handling of SQL queries containing "LOCAL INFILE" inside the MySQL extension. This can be exploited to bypass the "open_basedir" and "safe_mode" directives.

This is related to vulnerability #5 in:
SA26642

5) An error exists when processing "session_save_path" and "error_log" values, which can be exploited to bypass the "open_basedir" and "safe_mode" directives.

The vulnerabilities are reported in versions prior to 4.4.8.

Change Page:
[ 1 ] [ 2 ] [ 3 ]



Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

6th Nov, 2009
New advisories: 17
New vulnerabilities: 65
Updated advisories: 21

Less // 279 views
Debian update for linux-2.6.24
Less // 263 views
Debian update for linux-2.6
Moderately // 246 views
Gentoo update for horde
Less // 258 views
Fedora update for kernel
Less // 251 views
Fedora update for kernel
Moderately // 259 views
Ubuntu update for libgd2
Moderately // 269 views
Ubuntu update for libgd2
Highly // 261 views
Fedora update for alienarena-data

Solutions | More...  


Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. Sun Java JDK / JRE Multiple Vulnerabilities // 70 views
2. Internet Explorer Charset Inheritance Cross-Site Scripting Vulnerability // 43 views
3. Mozilla Firefox Multiple Vulnerabilities // 25 views
4. Adobe Flash Player Multiple Vulnerabilities // 24 views
5. Adobe Reader/Acrobat Multiple Vulnerabilities // 23 views
6. Fedora update for java-1.6.0-openjdk // 16 views
7. Google Chrome Two Vulnerabilities // 15 views
8. Ubuntu update for mono // 12 views
9. Red Hat update for java-1.6.0-openjdk // 12 views
10. Internet Explorer 7 Window Injection Vulnerability // 12 views