USN-66-1: PHP vulnerabilities

21 January 2005

php4 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 4.10

Software Description

Details

FraMe from kernelpanik.org reported that the cURL module does not respect open_basedir restrictions. As a result, scripts which used cURL to open files with an user-specified path could read arbitrary local files outside of the open_basedir directory.

Stefano Di Paola discovered a vulnerability in PHP’s shmop_write() function. Its “offset” parameter was not checked for negative values, which allowed an attacker to write arbitrary data to arbitrary memory locations. A script which passed unchecked parameters to shmop_write() could possibly be exploited to execute arbitrary code with the privileges of the web server and to bypass safe mode restrictions.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
libapache2-mod-php4
php4-cgi
php4-curl

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References