Conectiva Local Security Checks : Conectiva Security Advisory CLA-2003:691

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51435

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2003:691

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2003:691.

PHP[1] is a very popular scripting language used by web servers to
offer dynamic content.

This announcement updates PHP4 to the 4.3.2 version and contains,
among others, the following fixes:

- one of the memory allocation functions was modified to prevent
integer overflow vulnerabilities. Sir Mordred has reported some
vulnerable functions which try to allocate memory without checking
for integer overflows: array_pad()[2], str_repeat()[3] and
socket_iovec_alloc()[4]. In order to exploit this vulnerability,
however, an attacker would need to be able to manipulate the
parameters used in these functions, which is application specific.

- transparent session ID cross site scripting (CVE-2003-0442)[5]:
this vulnerability is only present if the session.use_trans_sid
parameter in the php.ini configuration file is enabled. The default
for this parameter is for it to be disabled. Previous PHP versions
did not sanitize the session ID and this would allow cross site
scripting attacks.

- fix for some socket functions[6]: also reported by Sir Mordred, the
socket_recv() and socket_recvfrom() functions can be used to crash
PHP if supplied with negative arguments. Again, in order to exploit
this vulnerability, it is necessary for the attacker to be able to
supply his/her own arguments to these functions, which is application
specific.

- new libimap4 package: while building packages for Conectiva Linux
9, it was realized that the imap libraries which were being used did
not have proper Kerberos support and this was breaking the PHP build.
This has been fixed and the new php4-imap package contains a
dependency for the fixed libimap4 package.

- new documentation packages: besides being updated for the 4.3.2
version, there are also two new documentation packages: Brazilian
portuguese and Spanish, taken from the project's site.

- new packages for Conectiva Linux 8: two new packages have been
added to Conectiva Linux 8: php4-mcrypt (for cryptographic functions)
and php4-snmp (for snmp-related functions).

Important note for Conectiva Linux 7.0 and 8 users:
Please note that PHP now ships with the register_globals parameter
set to Off by default. Some applications, such as the Imp 2.x
webmail, need this parameter to be set to On in order to work
properly. If your application needs this parameter active, please
edit php's configuration file (/etc/php4/apache/php.ini for DSO,
/etc/php4/cgi/php.ini for CGI). If possible, consider changing the
application so that it does not need register_globals = On, because
it makes it easier to introduce security vulnerabilities in PHP
scripts. The http://www.php.net/register_globals page contains a
thorough discussion of this issue.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

https://secure1.securityspace.com/smysecure/catid.html?in=CLA-2003:691
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor : Medium

CVSS Score:
4.3

Referencia Cruzada: BugTraq ID: 7761
Common Vulnerability Exposure (CVE) ID: CVE-2003-0442
http://www.securityfocus.com/bid/7761
Bugtraq: 20030530 PHP Trans SID XSS (Was: New php release with security fixes) (Google Search)
http://marc.info/?l=bugtraq&m=105449314612963&w=2
Bugtraq: 20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php) (Google Search)
http://marc.info/?l=bugtraq&m=105760591228031&w=2
Computer Incident Advisory Center Bulletin: N-112
http://www.ciac.org/ciac/bulletins/n-112.shtml
Conectiva Linux advisory: CLSA-2003:691
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691
Debian Security Information: DSA-351 (Google Search)
http://www.debian.org/security/2003/dsa-351
http://www.mandriva.com/security/advisories?name=MDKSA-2003:082
http://shh.thathost.com/secadv/2003-05-11-php.txt
http://www.osvdb.org/4758
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A485
http://www.redhat.com/support/errata/RHSA-2003-204.html
SCO Security Bulletin: CSSA-2003-SCO.28
http://www.securitytracker.com/id?1008653
TurboLinux Advisory: TLSA-2003-47
http://www.turbolinux.co.jp/security/2003/TLSA-2003-47j.txt
XForce ISS Database: php-session-id-xss(12259)
https://exchange.xforce.ibmcloud.com/vulnerabilities/12259

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51435
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2003:691
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2003:691. PHP[1] is a very popular scripting language used by web servers to offer dynamic content. This announcement updates PHP4 to the 4.3.2 version and contains, among others, the following fixes: - one of the memory allocation functions was modified to prevent integer overflow vulnerabilities. Sir Mordred has reported some vulnerable functions which try to allocate memory without checking for integer overflows: array_pad()[2], str_repeat()[3] and socket_iovec_alloc()[4]. In order to exploit this vulnerability, however, an attacker would need to be able to manipulate the parameters used in these functions, which is application specific. - transparent session ID cross site scripting (CVE-2003-0442)[5]: this vulnerability is only present if the session.use_trans_sid parameter in the php.ini configuration file is enabled. The default for this parameter is for it to be disabled. Previous PHP versions did not sanitize the session ID and this would allow cross site scripting attacks. - fix for some socket functions[6]: also reported by Sir Mordred, the socket_recv() and socket_recvfrom() functions can be used to crash PHP if supplied with negative arguments. Again, in order to exploit this vulnerability, it is necessary for the attacker to be able to supply his/her own arguments to these functions, which is application specific. - new libimap4 package: while building packages for Conectiva Linux 9, it was realized that the imap libraries which were being used did not have proper Kerberos support and this was breaking the PHP build. This has been fixed and the new php4-imap package contains a dependency for the fixed libimap4 package. - new documentation packages: besides being updated for the 4.3.2 version, there are also two new documentation packages: Brazilian portuguese and Spanish, taken from the project's site. - new packages for Conectiva Linux 8: two new packages have been added to Conectiva Linux 8: php4-mcrypt (for cryptographic functions) and php4-snmp (for snmp-related functions). Important note for Conectiva Linux 7.0 and 8 users: Please note that PHP now ships with the register_globals parameter set to Off by default. Some applications, such as the Imp 2.x webmail, need this parameter to be set to On in order to work properly. If your application needs this parameter active, please edit php's configuration file (/etc/php4/apache/php.ini for DSO, /etc/php4/cgi/php.ini for CGI). If possible, consider changing the application so that it does not need register_globals = On, because it makes it easier to introduce security vulnerabilities in PHP scripts. The http://www.php.net/register_globals page contains a thorough discussion of this issue. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' https://secure1.securityspace.com/smysecure/catid.html?in=CLA-2003:691 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : Medium CVSS Score: 4.3
Referencia Cruzada:	BugTraq ID: 7761 Common Vulnerability Exposure (CVE) ID: CVE-2003-0442 http://www.securityfocus.com/bid/7761 Bugtraq: 20030530 PHP Trans SID XSS (Was: New php release with security fixes) (Google Search) http://marc.info/?l=bugtraq&m=105449314612963&w=2 Bugtraq: 20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php) (Google Search) http://marc.info/?l=bugtraq&m=105760591228031&w=2 Computer Incident Advisory Center Bulletin: N-112 http://www.ciac.org/ciac/bulletins/n-112.shtml Conectiva Linux advisory: CLSA-2003:691 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691 Debian Security Information: DSA-351 (Google Search) http://www.debian.org/security/2003/dsa-351 http://www.mandriva.com/security/advisories?name=MDKSA-2003:082 http://shh.thathost.com/secadv/2003-05-11-php.txt http://www.osvdb.org/4758 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A485 http://www.redhat.com/support/errata/RHSA-2003-204.html SCO Security Bulletin: CSSA-2003-SCO.28 http://www.securitytracker.com/id?1008653 TurboLinux Advisory: TLSA-2003-47 http://www.turbolinux.co.jp/security/2003/TLSA-2003-47j.txt XForce ISS Database: php-session-id-xss(12259) https://exchange.xforce.ibmcloud.com/vulnerabilities/12259
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com