[sec-adv] OpenPKG update for PHP

From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Tue Jul 08 2003 - 07:54:22 CDT


TITLE:
OpenPKG update for PHP

READ ONLINE:
http://www.secunia.com/advisories/9204/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
OpenPKG 1.x

DESCRIPTION:
OpenPKG has issued an updated version of PHP, which fixes three
vulnerabilities.

Two of the vulnerabilities are old issues in the mail function, which
make it possible to bypass safe mode and pass shell metacharacters
or sendmail command line options. This could potentially allow
attackers to run arbitrary commands with the privileges of the web
service.

The third vulnerability is caused by an input validation error
and allows malicious people to conduct Cross Site Scripting attacks
against sites using transparent SID support.

For more information:
http://www.secunia.com/advisories/8947/

SOLUTION:
$ ftp ftp.openpkg.org
ftp> bin
ftp> cd release/1.2/UPD
ftp> get php-4.2.2-1.1.2.src.rpm
ftp> bye
$ <prefix>/bin/rpm -v --checksig php-4.2.2-1.1.2.src.rpm
$ <prefix>/bin/rpm --rebuild php-4.2.2-1.1.2.src.rpm
$ su -
# <prefix>/bin/rpm -Fvh <prefix>/RPM/PKG/php-4.2.2-1.1.2.*.rpm

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------
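
Added example, not part of the Secunia advisory or of OpenPKG's fix: an application-side allow-list check for a value that reaches the sendmail command line through the optional fifth argument of PHP's mail(), the path the DESCRIPTION refers to. The function name envelope_sender_arg and the sample inputs are hypothetical, and the code assumes PHP 7 or later syntax, not the 4.2.2 release named above.

```php
<?php
// Added example: validate an envelope sender before it is handed to
// mail() as additional parameters. Function name is hypothetical.

/**
 * Return a "-f<address>" argument for mail(), or throw if the address
 * is anything other than a conservative addr-spec.
 */
function envelope_sender_arg(string $address): string
{
    // Only characters with no meaning to a shell or to sendmail's option
    // parser are allowed. Whitespace, quotes, ';', '|', '&', '$', '`',
    // '<', '>' and backslash cannot match. \A and \z are used instead of
    // ^ and $ so that a trailing newline is rejected as well.
    $pattern = '/\A[A-Za-z0-9][A-Za-z0-9._+-]{0,63}'
             . '@[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?\z/';

    if (preg_match($pattern, $address) !== 1) {
        throw new InvalidArgumentException('rejected envelope sender');
    }
    return '-f' . $address;
}

// Constructed sample inputs (not taken from the advisory).
$samples = [
    'bounce@example.org',            // plain address
    'bounce@example.org --option',   // would add a second command line option
    'bounce@example.org;echo',       // shell metacharacter
    "bounce@example.org\n",          // trailing newline
];

foreach ($samples as $s) {
    try {
        printf("accept  %s\n", envelope_sender_arg($s));
    } catch (InvalidArgumentException $e) {
        printf("reject  %s\n", json_encode($s));
    }
}

// Intended call site: the check runs before mail() is reached.
//   mail($to, $subject, $body, $headers, envelope_sender_arg($from));
```

Current PHP applies escapeshellcmd() to this argument internally, which blocks command execution but still lets extra options through, so the caller-side check remains necessary on patched versions.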
