Multiple Security Vulnerabilities in PHP Announced

      Comments Off on Multiple Security Vulnerabilities in PHP Announced

p. “secunia.com”:http://secunia.com released “an advisory”:http://secunia.com/advisories/25123/ today on 11 security vulnerabilities in PHP versions prior to PHP 5.2.2.

# An unspecified error in the “ftp_putcmd()” function can be exploited to inject newline characters.
# An unspecified error in the “import_request_variables()” can be exploited to overwrite global variables.
# An unspecified error can remotely be exploited to cause a buffer overflow within in the “make_http_soap_request()” function (PHP 5).
# An unspecified error can be exploited to cause a buffer overflow within the “user_filter_factory_create()” function (PHP 5).
# An unspecified error in the bundled libxmlrpc library can remotely be exploited to cause a buffer overflow.
# An input validation error in the “mail()” function allows injection of headers via the “To” and “Subject” parameters.
# An error in the “mail()” function allows to truncate messages via ASCIIZ bytes.
# The “safe_mode” and “open_basedir” protection mechanisms can be bypassed via the “zip://” and “bzip://” wrappers.
# An integer overflow exists in “substr_compare()”, which can be exploited to read memory from memory behind PHP variables. The “substr_count” function is reportedly also affected.
# An error in the “mb_parse_str()” can be exploited to activate “register_globals”.
# An error in the Zend engine related to nested array variables that can be exploited to crash a PHP application.

p. Their recommended solution:
Update to version “5.2.2”:http://www.php.net/downloads.php#v5 or “4.4.7”:http://www.php.net/downloads.php#v4. Grant only trusted users permission to execute PHP code.