SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   PHP Vendors:   PHP Group
(Red Hat Issues Fix) PHP Integer Overflow in chunk_split() Has Unspecified Impact
SecurityTracker Alert ID:  1018851
SecurityTracker URL:  http://securitytracker.com/id/1018851
CVE Reference:   CVE-2007-2872   (Links to External Site)
Date:  Oct 23 2007
Impact:   Not specified
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.0 prior to 5.2.3
Description:   A vulnerability was reported in PHP in the chunk_split() function. The impact was not specified.

A user may be able to trigger an integer overflow in the chunk_split() function.

Gerhard Wagner reported this vulnerability.

Impact:   The impact was not specified.
Solution:   Red Hat has has released a fix.

The Red Hat advisory is available at:

https://rhn.redhat.com/errata/RHSA-2007-0888.html

Vendor URL:  www.php.net/releases/5_2_3.php (Links to External Site)
Cause:   Not specified
Underlying OS:   Linux (Red Hat Enterprise)

Message History:   This archive entry is a follow-up to the message listed below.
Jun 4 2007 PHP Integer Overflow in chunk_split() Has Unspecified Impact



 Source Message Contents

Date:  Tue, 23 Oct 2007 11:55:15 -0400
Subject:  [RHSA-2007:0888-01] Moderate: php security update


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: php security update
Advisory ID:       RHSA-2007:0888-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0888.html
Issue date:        2007-10-23
Updated on:        2007-10-23
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-2509 CVE-2007-2872 CVE-2007-3799 
                   CVE-2007-3996 CVE-2007-4670 
- ---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix several security issues are now available for
Red Hat Enterprise Linux 2.1

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1  - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server. 

Various integer overflow flaws were found in the PHP gd extension. A script
that could be forced to resize images from an untrusted source could
possibly allow a remote attacker to execute arbitrary code as the apache
user.  (CVE-2007-3996)

An integer overflow flaw was found in the PHP chunk_split function. If a
remote attacker was able to pass arbitrary data to the third argument of
chunk_split they could possibly execute arbitrary code as the apache user.
 Note that it is unusual for a PHP script to use the chunk_script function
with a user-supplied third argument.  (CVE-2007-2872)

A previous security update introduced a bug into PHP session cookie
handling.  This could allow an attacker to stop a victim from viewing a
vulnerable web site if the victim has first visited a malicious web page
under the control of the attacker, and that page can set a cookie for the
vulnerable web site.  (CVE-2007-4670)

A bug was found in PHP session cookie handling.  This could allow an
attacker to create a cross-site cookie insertion attack if a victim follows
an untrusted carefully-crafted URL.  (CVE-2007-3799)

A flaw was found in the PHP 'ftp' extension. If a PHP script used this
extension to provide access to a private FTP server, and passed untrusted
script input directly to any function provided by this extension, a remote
attacker would be able to send arbitrary FTP commands to the server. 
(CVE-2007-2509)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

239014 - CVE-2007-2509 php CRLF injection
242032 - CVE-2007-2872 php chunk_split integer overflow
250726 - CVE-2007-3799 php cross-site cookie insertion
278031 - CVE-2007-3996 php multiple integer overflows in gd
278041 - CVE-2007-4670 php malformed cookie handling

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 :

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/php-4.1.2-2.19.src.rpm
d59c419407bc7f55ae909d8f36226ed3  php-4.1.2-2.19.src.rpm

i386:
2c6c7d5c75706e695608992a48312dc9  php-4.1.2-2.19.i386.rpm
ac1a914700f541022790f14f7f4be67e  php-devel-4.1.2-2.19.i386.rpm
dbb6a6a436edfd6af00ceb50c69871f0  php-imap-4.1.2-2.19.i386.rpm
e18872974d96d7d6645ff9eb5e8df70e  php-ldap-4.1.2-2.19.i386.rpm
0b5816829e4fe08c75da34bc49f235b0  php-manual-4.1.2-2.19.i386.rpm
4e1ffad2e6f96b7099fb60f8ee7b41de  php-mysql-4.1.2-2.19.i386.rpm
27a0b33680d1380c3e27292881e5ddb3  php-odbc-4.1.2-2.19.i386.rpm
cdd8dab08dc25799a4bc56d23157aa64  php-pgsql-4.1.2-2.19.i386.rpm

ia64:
6f9788224b1a661895378c206402d190  php-4.1.2-2.19.ia64.rpm
dcfe6c96266cc9c0f7cf6bac756dc548  php-devel-4.1.2-2.19.ia64.rpm
539a654c81629bfbda65b5e9827d9da0  php-imap-4.1.2-2.19.ia64.rpm
7152cbca5380150e77098c616af0e7dd  php-ldap-4.1.2-2.19.ia64.rpm
06098dc1102450a0f11ae94823f6c4b0  php-manual-4.1.2-2.19.ia64.rpm
546cb984504a375bbdad6999e2b0748f  php-mysql-4.1.2-2.19.ia64.rpm
fdb45b74ed4414297f0fe366507b3d44  php-odbc-4.1.2-2.19.ia64.rpm
a8a8b6b9e5da2af891fddb1199c429f4  php-pgsql-4.1.2-2.19.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/php-4.1.2-2.19.src.rpm
d59c419407bc7f55ae909d8f36226ed3  php-4.1.2-2.19.src.rpm

ia64:
6f9788224b1a661895378c206402d190  php-4.1.2-2.19.ia64.rpm
dcfe6c96266cc9c0f7cf6bac756dc548  php-devel-4.1.2-2.19.ia64.rpm
539a654c81629bfbda65b5e9827d9da0  php-imap-4.1.2-2.19.ia64.rpm
7152cbca5380150e77098c616af0e7dd  php-ldap-4.1.2-2.19.ia64.rpm
06098dc1102450a0f11ae94823f6c4b0  php-manual-4.1.2-2.19.ia64.rpm
546cb984504a375bbdad6999e2b0748f  php-mysql-4.1.2-2.19.ia64.rpm
fdb45b74ed4414297f0fe366507b3d44  php-odbc-4.1.2-2.19.ia64.rpm
a8a8b6b9e5da2af891fddb1199c429f4  php-pgsql-4.1.2-2.19.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/php-4.1.2-2.19.src.rpm
d59c419407bc7f55ae909d8f36226ed3  php-4.1.2-2.19.src.rpm

i386:
2c6c7d5c75706e695608992a48312dc9  php-4.1.2-2.19.i386.rpm
ac1a914700f541022790f14f7f4be67e  php-devel-4.1.2-2.19.i386.rpm
dbb6a6a436edfd6af00ceb50c69871f0  php-imap-4.1.2-2.19.i386.rpm
e18872974d96d7d6645ff9eb5e8df70e  php-ldap-4.1.2-2.19.i386.rpm
0b5816829e4fe08c75da34bc49f235b0  php-manual-4.1.2-2.19.i386.rpm
4e1ffad2e6f96b7099fb60f8ee7b41de  php-mysql-4.1.2-2.19.i386.rpm
27a0b33680d1380c3e27292881e5ddb3  php-odbc-4.1.2-2.19.i386.rpm
cdd8dab08dc25799a4bc56d23157aa64  php-pgsql-4.1.2-2.19.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/php-4.1.2-2.19.src.rpm
d59c419407bc7f55ae909d8f36226ed3  php-4.1.2-2.19.src.rpm

i386:
2c6c7d5c75706e695608992a48312dc9  php-4.1.2-2.19.i386.rpm
ac1a914700f541022790f14f7f4be67e  php-devel-4.1.2-2.19.i386.rpm
dbb6a6a436edfd6af00ceb50c69871f0  php-imap-4.1.2-2.19.i386.rpm
e18872974d96d7d6645ff9eb5e8df70e  php-ldap-4.1.2-2.19.i386.rpm
0b5816829e4fe08c75da34bc49f235b0  php-manual-4.1.2-2.19.i386.rpm
4e1ffad2e6f96b7099fb60f8ee7b41de  php-mysql-4.1.2-2.19.i386.rpm
27a0b33680d1380c3e27292881e5ddb3  php-odbc-4.1.2-2.19.i386.rpm
cdd8dab08dc25799a4bc56d23157aa64  php-pgsql-4.1.2-2.19.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4670
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHHhlgXlSAg2UNWIIRAoabAJ43YcKi1lndvVCoQwviWs0zRB4n2wCfe1cd
izhyPOFL/idOIOPZf/q10fw=
=Gnpt
-----END PGP SIGNATURE-----



-- 
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC