ID

VAR-201205-0312

CVE

CVE-2012-2336

TITLE

PHP Input validation error vulnerability

DESCRIPTION

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. PHP is prone to an information-disclosure vulnerability. Exploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected computer; other attacks are also possible. Please refer to the following Mandriva advisories for further information: MDVA-2012:004, MDVSA-2011:165, MDVSA-2011:166, MDVSA-2011:180, MDVSA-2011:197, MDVSA-2012:065, MDVSA-2012:068, MDVSA-2012:068-1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: php security update Advisory ID: RHSA-2012:1046-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1046.html Issue date: 2012-06-27 CVE Names: CVE-2010-2950 CVE-2011-4153 CVE-2012-0057 CVE-2012-0781 CVE-2012-0789 CVE-2012-1172 CVE-2012-2143 CVE-2012-2336 CVE-2012-2386 ===================================================================== 1. Summary: Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057) Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT. A flaw was found in the way PHP validated file names in file upload requests. A remote attacker could possibly use this flaw to bypass the sanitization of the uploaded file names, and cause a PHP script to store the uploaded file in an unexpected directory, by using a directory traversal attack. (CVE-2012-1172) Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the PHP phar extension processed certain fields of tar archive files. A remote attacker could provide a specially-crafted tar archive file that, when processed by a PHP application using the phar extension, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running PHP. (CVE-2012-2386) A format string flaw was found in the way the PHP phar extension processed certain PHAR files. A remote attacker could provide a specially-crafted PHAR file, which once processed in a PHP application using the phar extension, could lead to information disclosure and possibly arbitrary code execution via a crafted phar:// URI. (CVE-2010-2950) A flaw was found in the DES algorithm implementation in the crypt() password hashing function in PHP. If the password string to be hashed contained certain characters, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. (CVE-2012-2143) Note: With this update, passwords are no longer truncated when performing DES hashing. Therefore, new hashes of the affected passwords will not match stored hashes generated using vulnerable PHP versions, and will need to be updated. It was discovered that the fix for CVE-2012-1823, released via RHSA-2012:0546, did not properly filter all php-cgi command line arguments. A specially-crafted request to a PHP script could cause the PHP interpreter to execute the script in a loop, or output usage information that triggers an Internal Server Error. (CVE-2012-2336) A memory leak flaw was found in the PHP strtotime() function call. A remote attacker could possibly use this flaw to cause excessive memory consumption by triggering many strtotime() function calls. (CVE-2012-0789) A NULL pointer dereference flaw was found in the PHP tidy_diagnose() function. A remote attacker could use specially-crafted input to crash an application that uses tidy::diagnose. (CVE-2012-0781) It was found that PHP did not check the zend_strndup() function's return value in certain cases. A remote attacker could possibly use this flaw to crash a PHP application. (CVE-2011-4153) Upstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters of CVE-2012-2143. All php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 782657 - CVE-2012-0057 php: XSLT file writing vulnerability 782943 - CVE-2011-4153 php: zend_strndup() NULL pointer dereference may cause DoS 782951 - CVE-2012-0781 php: tidy_diagnose() NULL pointer dereference may cause DoS 783609 - CVE-2012-0789 php: strtotime timezone memory leak 799187 - CVE-2012-1172 php: $_FILES array indexes corruption 816956 - CVE-2012-2143 BSD crypt(): DES encrypted password weakness 820708 - CVE-2012-2336 php: incomplete CVE-2012-1823 fix - missing filtering of -T and -h 823594 - CVE-2012-2386 php: Integer overflow leading to heap-buffer overflow in the Phar extension 835024 - CVE-2010-2950 php: Format string flaw in phar extension via phar_stream_flush() (MOPS-2010-024) 6. Package List: Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm i386: php-5.3.3-14.el6_3.i686.rpm php-bcmath-5.3.3-14.el6_3.i686.rpm php-cli-5.3.3-14.el6_3.i686.rpm php-common-5.3.3-14.el6_3.i686.rpm php-dba-5.3.3-14.el6_3.i686.rpm php-debuginfo-5.3.3-14.el6_3.i686.rpm php-devel-5.3.3-14.el6_3.i686.rpm php-embedded-5.3.3-14.el6_3.i686.rpm php-enchant-5.3.3-14.el6_3.i686.rpm php-gd-5.3.3-14.el6_3.i686.rpm php-imap-5.3.3-14.el6_3.i686.rpm php-intl-5.3.3-14.el6_3.i686.rpm php-ldap-5.3.3-14.el6_3.i686.rpm php-mbstring-5.3.3-14.el6_3.i686.rpm php-mysql-5.3.3-14.el6_3.i686.rpm php-odbc-5.3.3-14.el6_3.i686.rpm php-pdo-5.3.3-14.el6_3.i686.rpm php-pgsql-5.3.3-14.el6_3.i686.rpm php-process-5.3.3-14.el6_3.i686.rpm php-pspell-5.3.3-14.el6_3.i686.rpm php-recode-5.3.3-14.el6_3.i686.rpm php-snmp-5.3.3-14.el6_3.i686.rpm php-soap-5.3.3-14.el6_3.i686.rpm php-tidy-5.3.3-14.el6_3.i686.rpm php-xml-5.3.3-14.el6_3.i686.rpm php-xmlrpc-5.3.3-14.el6_3.i686.rpm php-zts-5.3.3-14.el6_3.i686.rpm x86_64: php-5.3.3-14.el6_3.x86_64.rpm php-bcmath-5.3.3-14.el6_3.x86_64.rpm php-cli-5.3.3-14.el6_3.x86_64.rpm php-common-5.3.3-14.el6_3.x86_64.rpm php-dba-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm php-devel-5.3.3-14.el6_3.x86_64.rpm php-embedded-5.3.3-14.el6_3.x86_64.rpm php-enchant-5.3.3-14.el6_3.x86_64.rpm php-gd-5.3.3-14.el6_3.x86_64.rpm php-imap-5.3.3-14.el6_3.x86_64.rpm php-intl-5.3.3-14.el6_3.x86_64.rpm php-ldap-5.3.3-14.el6_3.x86_64.rpm php-mbstring-5.3.3-14.el6_3.x86_64.rpm php-mysql-5.3.3-14.el6_3.x86_64.rpm php-odbc-5.3.3-14.el6_3.x86_64.rpm php-pdo-5.3.3-14.el6_3.x86_64.rpm php-pgsql-5.3.3-14.el6_3.x86_64.rpm php-process-5.3.3-14.el6_3.x86_64.rpm php-pspell-5.3.3-14.el6_3.x86_64.rpm php-recode-5.3.3-14.el6_3.x86_64.rpm php-snmp-5.3.3-14.el6_3.x86_64.rpm php-soap-5.3.3-14.el6_3.x86_64.rpm php-tidy-5.3.3-14.el6_3.x86_64.rpm php-xml-5.3.3-14.el6_3.x86_64.rpm php-xmlrpc-5.3.3-14.el6_3.x86_64.rpm php-zts-5.3.3-14.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm x86_64: php-cli-5.3.3-14.el6_3.x86_64.rpm php-common-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm x86_64: php-5.3.3-14.el6_3.x86_64.rpm php-bcmath-5.3.3-14.el6_3.x86_64.rpm php-dba-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm php-devel-5.3.3-14.el6_3.x86_64.rpm php-embedded-5.3.3-14.el6_3.x86_64.rpm php-enchant-5.3.3-14.el6_3.x86_64.rpm php-gd-5.3.3-14.el6_3.x86_64.rpm php-imap-5.3.3-14.el6_3.x86_64.rpm php-intl-5.3.3-14.el6_3.x86_64.rpm php-ldap-5.3.3-14.el6_3.x86_64.rpm php-mbstring-5.3.3-14.el6_3.x86_64.rpm php-mysql-5.3.3-14.el6_3.x86_64.rpm php-odbc-5.3.3-14.el6_3.x86_64.rpm php-pdo-5.3.3-14.el6_3.x86_64.rpm php-pgsql-5.3.3-14.el6_3.x86_64.rpm php-process-5.3.3-14.el6_3.x86_64.rpm php-pspell-5.3.3-14.el6_3.x86_64.rpm php-recode-5.3.3-14.el6_3.x86_64.rpm php-snmp-5.3.3-14.el6_3.x86_64.rpm php-soap-5.3.3-14.el6_3.x86_64.rpm php-tidy-5.3.3-14.el6_3.x86_64.rpm php-xml-5.3.3-14.el6_3.x86_64.rpm php-xmlrpc-5.3.3-14.el6_3.x86_64.rpm php-zts-5.3.3-14.el6_3.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm i386: php-5.3.3-14.el6_3.i686.rpm php-cli-5.3.3-14.el6_3.i686.rpm php-common-5.3.3-14.el6_3.i686.rpm php-debuginfo-5.3.3-14.el6_3.i686.rpm php-gd-5.3.3-14.el6_3.i686.rpm php-ldap-5.3.3-14.el6_3.i686.rpm php-mysql-5.3.3-14.el6_3.i686.rpm php-odbc-5.3.3-14.el6_3.i686.rpm php-pdo-5.3.3-14.el6_3.i686.rpm php-pgsql-5.3.3-14.el6_3.i686.rpm php-soap-5.3.3-14.el6_3.i686.rpm php-xml-5.3.3-14.el6_3.i686.rpm php-xmlrpc-5.3.3-14.el6_3.i686.rpm ppc64: php-5.3.3-14.el6_3.ppc64.rpm php-cli-5.3.3-14.el6_3.ppc64.rpm php-common-5.3.3-14.el6_3.ppc64.rpm php-debuginfo-5.3.3-14.el6_3.ppc64.rpm php-gd-5.3.3-14.el6_3.ppc64.rpm php-ldap-5.3.3-14.el6_3.ppc64.rpm php-mysql-5.3.3-14.el6_3.ppc64.rpm php-odbc-5.3.3-14.el6_3.ppc64.rpm php-pdo-5.3.3-14.el6_3.ppc64.rpm php-pgsql-5.3.3-14.el6_3.ppc64.rpm php-soap-5.3.3-14.el6_3.ppc64.rpm php-xml-5.3.3-14.el6_3.ppc64.rpm php-xmlrpc-5.3.3-14.el6_3.ppc64.rpm s390x: php-5.3.3-14.el6_3.s390x.rpm php-cli-5.3.3-14.el6_3.s390x.rpm php-common-5.3.3-14.el6_3.s390x.rpm php-debuginfo-5.3.3-14.el6_3.s390x.rpm php-gd-5.3.3-14.el6_3.s390x.rpm php-ldap-5.3.3-14.el6_3.s390x.rpm php-mysql-5.3.3-14.el6_3.s390x.rpm php-odbc-5.3.3-14.el6_3.s390x.rpm php-pdo-5.3.3-14.el6_3.s390x.rpm php-pgsql-5.3.3-14.el6_3.s390x.rpm php-soap-5.3.3-14.el6_3.s390x.rpm php-xml-5.3.3-14.el6_3.s390x.rpm php-xmlrpc-5.3.3-14.el6_3.s390x.rpm x86_64: php-5.3.3-14.el6_3.x86_64.rpm php-cli-5.3.3-14.el6_3.x86_64.rpm php-common-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm php-gd-5.3.3-14.el6_3.x86_64.rpm php-ldap-5.3.3-14.el6_3.x86_64.rpm php-mysql-5.3.3-14.el6_3.x86_64.rpm php-odbc-5.3.3-14.el6_3.x86_64.rpm php-pdo-5.3.3-14.el6_3.x86_64.rpm php-pgsql-5.3.3-14.el6_3.x86_64.rpm php-soap-5.3.3-14.el6_3.x86_64.rpm php-xml-5.3.3-14.el6_3.x86_64.rpm php-xmlrpc-5.3.3-14.el6_3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm i386: php-bcmath-5.3.3-14.el6_3.i686.rpm php-dba-5.3.3-14.el6_3.i686.rpm php-debuginfo-5.3.3-14.el6_3.i686.rpm php-devel-5.3.3-14.el6_3.i686.rpm php-embedded-5.3.3-14.el6_3.i686.rpm php-enchant-5.3.3-14.el6_3.i686.rpm php-imap-5.3.3-14.el6_3.i686.rpm php-intl-5.3.3-14.el6_3.i686.rpm php-mbstring-5.3.3-14.el6_3.i686.rpm php-process-5.3.3-14.el6_3.i686.rpm php-pspell-5.3.3-14.el6_3.i686.rpm php-recode-5.3.3-14.el6_3.i686.rpm php-snmp-5.3.3-14.el6_3.i686.rpm php-tidy-5.3.3-14.el6_3.i686.rpm php-zts-5.3.3-14.el6_3.i686.rpm ppc64: php-bcmath-5.3.3-14.el6_3.ppc64.rpm php-dba-5.3.3-14.el6_3.ppc64.rpm php-debuginfo-5.3.3-14.el6_3.ppc64.rpm php-devel-5.3.3-14.el6_3.ppc64.rpm php-embedded-5.3.3-14.el6_3.ppc64.rpm php-enchant-5.3.3-14.el6_3.ppc64.rpm php-imap-5.3.3-14.el6_3.ppc64.rpm php-intl-5.3.3-14.el6_3.ppc64.rpm php-mbstring-5.3.3-14.el6_3.ppc64.rpm php-process-5.3.3-14.el6_3.ppc64.rpm php-pspell-5.3.3-14.el6_3.ppc64.rpm php-recode-5.3.3-14.el6_3.ppc64.rpm php-snmp-5.3.3-14.el6_3.ppc64.rpm php-tidy-5.3.3-14.el6_3.ppc64.rpm php-zts-5.3.3-14.el6_3.ppc64.rpm s390x: php-bcmath-5.3.3-14.el6_3.s390x.rpm php-dba-5.3.3-14.el6_3.s390x.rpm php-debuginfo-5.3.3-14.el6_3.s390x.rpm php-devel-5.3.3-14.el6_3.s390x.rpm php-embedded-5.3.3-14.el6_3.s390x.rpm php-enchant-5.3.3-14.el6_3.s390x.rpm php-imap-5.3.3-14.el6_3.s390x.rpm php-intl-5.3.3-14.el6_3.s390x.rpm php-mbstring-5.3.3-14.el6_3.s390x.rpm php-process-5.3.3-14.el6_3.s390x.rpm php-pspell-5.3.3-14.el6_3.s390x.rpm php-recode-5.3.3-14.el6_3.s390x.rpm php-snmp-5.3.3-14.el6_3.s390x.rpm php-tidy-5.3.3-14.el6_3.s390x.rpm php-zts-5.3.3-14.el6_3.s390x.rpm x86_64: php-bcmath-5.3.3-14.el6_3.x86_64.rpm php-dba-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm php-devel-5.3.3-14.el6_3.x86_64.rpm php-embedded-5.3.3-14.el6_3.x86_64.rpm php-enchant-5.3.3-14.el6_3.x86_64.rpm php-imap-5.3.3-14.el6_3.x86_64.rpm php-intl-5.3.3-14.el6_3.x86_64.rpm php-mbstring-5.3.3-14.el6_3.x86_64.rpm php-process-5.3.3-14.el6_3.x86_64.rpm php-pspell-5.3.3-14.el6_3.x86_64.rpm php-recode-5.3.3-14.el6_3.x86_64.rpm php-snmp-5.3.3-14.el6_3.x86_64.rpm php-tidy-5.3.3-14.el6_3.x86_64.rpm php-zts-5.3.3-14.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm i386: php-5.3.3-14.el6_3.i686.rpm php-cli-5.3.3-14.el6_3.i686.rpm php-common-5.3.3-14.el6_3.i686.rpm php-debuginfo-5.3.3-14.el6_3.i686.rpm php-gd-5.3.3-14.el6_3.i686.rpm php-ldap-5.3.3-14.el6_3.i686.rpm php-mysql-5.3.3-14.el6_3.i686.rpm php-odbc-5.3.3-14.el6_3.i686.rpm php-pdo-5.3.3-14.el6_3.i686.rpm php-pgsql-5.3.3-14.el6_3.i686.rpm php-soap-5.3.3-14.el6_3.i686.rpm php-xml-5.3.3-14.el6_3.i686.rpm php-xmlrpc-5.3.3-14.el6_3.i686.rpm x86_64: php-5.3.3-14.el6_3.x86_64.rpm php-cli-5.3.3-14.el6_3.x86_64.rpm php-common-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm php-gd-5.3.3-14.el6_3.x86_64.rpm php-ldap-5.3.3-14.el6_3.x86_64.rpm php-mysql-5.3.3-14.el6_3.x86_64.rpm php-odbc-5.3.3-14.el6_3.x86_64.rpm php-pdo-5.3.3-14.el6_3.x86_64.rpm php-pgsql-5.3.3-14.el6_3.x86_64.rpm php-soap-5.3.3-14.el6_3.x86_64.rpm php-xml-5.3.3-14.el6_3.x86_64.rpm php-xmlrpc-5.3.3-14.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm i386: php-bcmath-5.3.3-14.el6_3.i686.rpm php-dba-5.3.3-14.el6_3.i686.rpm php-debuginfo-5.3.3-14.el6_3.i686.rpm php-devel-5.3.3-14.el6_3.i686.rpm php-embedded-5.3.3-14.el6_3.i686.rpm php-enchant-5.3.3-14.el6_3.i686.rpm php-imap-5.3.3-14.el6_3.i686.rpm php-intl-5.3.3-14.el6_3.i686.rpm php-mbstring-5.3.3-14.el6_3.i686.rpm php-process-5.3.3-14.el6_3.i686.rpm php-pspell-5.3.3-14.el6_3.i686.rpm php-recode-5.3.3-14.el6_3.i686.rpm php-snmp-5.3.3-14.el6_3.i686.rpm php-tidy-5.3.3-14.el6_3.i686.rpm php-zts-5.3.3-14.el6_3.i686.rpm x86_64: php-bcmath-5.3.3-14.el6_3.x86_64.rpm php-dba-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm php-devel-5.3.3-14.el6_3.x86_64.rpm php-embedded-5.3.3-14.el6_3.x86_64.rpm php-enchant-5.3.3-14.el6_3.x86_64.rpm php-imap-5.3.3-14.el6_3.x86_64.rpm php-intl-5.3.3-14.el6_3.x86_64.rpm php-mbstring-5.3.3-14.el6_3.x86_64.rpm php-process-5.3.3-14.el6_3.x86_64.rpm php-pspell-5.3.3-14.el6_3.x86_64.rpm php-recode-5.3.3-14.el6_3.x86_64.rpm php-snmp-5.3.3-14.el6_3.x86_64.rpm php-tidy-5.3.3-14.el6_3.x86_64.rpm php-zts-5.3.3-14.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-2950.html https://www.redhat.com/security/data/cve/CVE-2011-4153.html https://www.redhat.com/security/data/cve/CVE-2012-0057.html https://www.redhat.com/security/data/cve/CVE-2012-0781.html https://www.redhat.com/security/data/cve/CVE-2012-0789.html https://www.redhat.com/security/data/cve/CVE-2012-1172.html https://www.redhat.com/security/data/cve/CVE-2012-2143.html https://www.redhat.com/security/data/cve/CVE-2012-2336.html https://www.redhat.com/security/data/cve/CVE-2012-2386.html https://access.redhat.com/security/updates/classification/#moderate https://rhn.redhat.com/errata/RHSA-2012-0546.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFP6yxRXlSAg2UNWIIRAqlmAKCLhNreR9eJ9DMLQgGynQ1AR57OhwCeNCjP 5dEIaw64iUF1AYJgb6tOHK0= =KioB -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03839862 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03839862 Version: 1 HPSBMU02900 rev.1 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2013-07-18 Last Updated: 2013-07-18 Potential Security Impact: Local Denial of Service (DoS), remote Denial of Service (DoS), execution of arbitrary code, gain extended privileges, disclosure of information, unauthorized access, XSS Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Local Denial of Service (DoS), remote Denial of Service (DoS), execution of arbitrary code, gain privileges, disclosure of information, unauthorized access, or XSS. References: CVE-2011-3389 (SSRT100740) Remote disclosure of information CVE-2012-0883 (SSRT101209) Remote gain extended privileges CVE-2012-2110 (SSRT101210) Remote Denial of Service (DoS) CVE-2012-2311 (SSRT100992) Remote execution of arbitrary code CVE-2012-2329 (SSRT100992) Remote Denial of Service (DoS) CVE-2012-2335 (SSRT100992) Remote execution of arbitrary code CVE-2012-2336 (SSRT100992) Remote Denial of Service (DoS) CVE-2013-2355 (SSRT100696) Remote unauthorized Access CVE-2013-2356 (SSRT100835) Remote disclosure of information CVE-2013-2357 (SSRT100907) Remote Denial of Service (DoS) CVE-2013-2358 (SSRT100907) Remote Denial of Service (DoS) CVE-2013-2359 (SSRT100907) Remote Denial of Service (DoS) CVE-2013-2360 (SSRT100907) Remote Denial of Service (DoS) CVE-2013-2361 (SSRT101007) XSS CVE-2013-2362 (SSRT101076, ZDI-CAN-1676) Local Denial of Service (DoS) CVE-2013-2363 (SSRT101150) Remote disclosure of information CVE-2013-2364 (SSRT101151) XSS CVE-2013-5217 (SSRT101137) Remote unauthorized access SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) v7.2.0 and earlier running on Linux and Windows. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2012-0883 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2012-2110 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-2311 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-2329 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-2335 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-2336 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-2355 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2013-2356 (AV:N/AC:L/Au:N/C:C/I:N/A:N) 7.8 CVE-2013-2357 (AV:N/AC:M/Au:S/C:N/I:N/A:C) 6.3 CVE-2013-2358 (AV:N/AC:M/Au:S/C:N/I:N/A:C) 6.3 CVE-2013-2359 (AV:N/AC:M/Au:S/C:N/I:N/A:P) 3.5 CVE-2013-2360 (AV:N/AC:M/Au:S/C:N/I:N/A:P) 3.5 CVE-2013-2361 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2013-2362 (AV:L/AC:H/Au:S/C:N/I:N/A:P) 1.0 CVE-2013-2363 (AV:N/AC:H/Au:N/C:C/I:N/A:P) 6.1 CVE-2013-2364 (AV:N/AC:L/Au:S/C:N/I:N/A:P) 4.0 CVE-2013-5217 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 The Hewlett-Packard Company thanks agix for working with the TippingPoint Zero Day Initiative to report vulnerability CVE-2013-2362 to security-alert@hp.com RESOLUTION HP has made System Management Homepage (SMH) v7.2.1 or subsequent available for Windows and Linux to resolve the vulnerabilities. Information and updates for SMH can be found at the following location: http://h18013.www1.hp.com/products/servers/management/agents/index.html HISTORY Version:1 (rev.1) - 18 July 2013 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in php(-cgi): PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. The updated packages provides the latest version (5.3.13) which provides a solution to this flaw. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFPq4WAmqjQ0CJFipgRAihWAKCc3667vbSD/ihxb7LB9g9x2C+bnQCg89XH JTVUFGYH3hR84ZM7EV65I9g= =hQaF -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ============================================================================ Ubuntu Security Notice USN-1481-1 June 19, 2012 php5 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: Several security issues were fixed in PHP. Software Description: - php5: HTML-embedded scripting language interpreter Details: It was discovered that PHP incorrectly handled certain Tidy::diagnose operations on invalid objects. (CVE-2012-1172) Rubin Xu and Joseph Bonneau discovered that PHP incorrectly handled certain Unicode characters in passwords passed to the crypt() function. (CVE-2012-2143) It was discovered that a Debian/Ubuntu specific patch caused PHP to incorrectly handle empty salt strings. This issue only affected Ubuntu 10.04 LTS and Ubuntu 11.04. (CVE-2012-2317) It was discovered that PHP, when used as a stand alone CGI processor for the Apache Web Server, did not properly parse and filter query strings. Configurations using mod_php5 and FastCGI were not vulnerable. (CVE-2012-2386) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: php5 5.3.10-1ubuntu3.2 Ubuntu 11.10: php5 5.3.6-13ubuntu3.8 Ubuntu 11.04: php5 5.3.5-1ubuntu7.10 Ubuntu 10.04 LTS: php5 5.3.2-1ubuntu4.17 Ubuntu 8.04 LTS: php5 5.2.4-2ubuntu5.25 In general, a standard system update will make all the necessary changes

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

arbitrary

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

De Eindbazen

SOURCES

LAST UPDATE DATE

2024-11-20T20:14:55.463000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE