Title: PHP 5.2.5 and Prior Versions Multiple Vulnerabilities
Severity: CRITICAL
Description:
PHP is a general-purpose scripting language that is especially suited for web development and can be embedded into HTML.
PHP is prone to multiple security vulnerabilities. Successful exploits could allow an attacker to bypass security restrictions, cause a denial-of-service condition, and potentially execute code.
The following key security issues have been identified in PHP 5.2.5 and prior versions:
- A buffer-overflow vulnerability in FastCGI SAPI may allow attackers to execute arbitary code. Failed attempts would result a denial-of-service condition.
- Multiple vulnerabilities in processing incomplete multibyte chars inside the 'escapeshellcmd() ' and 'escapeshellarg()' functions exist when the shell uses a locale with a variable width character set. Attackers can leverage these issues to bypass security restrictions and inject arbitrary commands in applications using the vulnerable functions. The 'escapeshellcmd()' function issue can be also used to bypass the 'safe_mode' and 'disable_functions' directives.
- A vulnerability affecting 'PATH_TRANSLATED' in 'cgi_main.c' that may allow an attacker to execute arbitrary-code (CVE-2008-0599).
- A vulnerability in PCRE may allow attackers to execute arbitrary code. Failed attempts would cause a denial-of-service condition. NOTE: This issue is described in BID 27886.
- A weakness affects the 'GENERATE_SEED()' macro used by the 'rand()' and 'mt_rand()' functions.
Attackers can exploit this issue to predict random data generated by certain applications that use the vulnerable functions.
Very few details are available. We will update this BID as more information emerges. Note that some of these issues might have been previously reported.
NOTE: PHP 5.2.6 fixes over 100 specific bugs. Only key security issues are outlined above. The PHP team encourages users to upgrade to PHP 5.2.6 as soon as possible. For the full list of bugs and fixes, see the referenced PHP changelog.
These issues are reported to affect PHP 5.2.5 and prior versions.
Affected Products:
- Apple Mac OS X 10.4.11
- Apple Mac OS X 10.5.4
- Apple Mac OS X Server 10.4.11
- Apple Mac OS X Server 10.5.4
- Apple Mac OS X Server 10.5.5
- Avaya AES 3.1.5
- Avaya Communication Manager 5.0
- Avaya Communication Manager Server DEFINITY Server SI/CS
- Avaya Communication Manager Server S8100
- Avaya Communication Manager Server S8300
- Avaya Communication Manager Server S8500
- Avaya Communication Manager Server S8700
- Avaya SIP Enablement Services 5.0
- Debian Linux 4.0
- Debian Linux 4.0 alpha
- Debian Linux 4.0 amd64
- Debian Linux 4.0 arm
- Debian Linux 4.0 armel
- Debian Linux 4.0 hppa
- Debian Linux 4.0 ia-32
- Debian Linux 4.0 ia-64
- Debian Linux 4.0 m68k
- Debian Linux 4.0 mips
- Debian Linux 4.0 mipsel
- Debian Linux 4.0 powerpc
- Debian Linux 4.0 s/390
- Debian Linux 4.0 sparc
- Debian Linux 5.0
- Debian Linux 5.0 alpha
- Debian Linux 5.0 amd64
- Debian Linux 5.0 arm
- Debian Linux 5.0 armel
- Debian Linux 5.0 hppa
- Debian Linux 5.0 ia-32
- Debian Linux 5.0 ia-64
- Debian Linux 5.0 m68k
- Debian Linux 5.0 mips
- Debian Linux 5.0 mipsel
- Debian Linux 5.0 powerpc
- Debian Linux 5.0 s/390
- Debian Linux 5.0 sparc
- Gentoo Linux
- HP ActiveX controls for Windows 98
- HP HP-UX 11.11.0
- HP HP-UX 11.23.0
- HP HP-UX 11.31
- Linux kernel 2.4.19
- Linux kernel 2.4.21
- Linux kernel 2.6.5
- MandrakeSoft Corporate Server 3.0.0
- MandrakeSoft Corporate Server 3.0.0 x86_64
- MandrakeSoft Corporate Server 4.0
- MandrakeSoft Corporate Server 4.0.0 x86_64
- MandrakeSoft Linux Mandrake 2007.1
- MandrakeSoft Linux Mandrake 2007.1 x86_64
- MandrakeSoft Linux Mandrake 2008.0
- MandrakeSoft Linux Mandrake 2008.0 x86_64
- MandrakeSoft Linux Mandrake 2008.1
- MandrakeSoft Linux Mandrake 2008.1 x86_64
- MandrakeSoft Multi Network Firewall 2.0.0
- PHP PHP 5.2.5
- RedHat Advanced Workstation for the Itanium Processor 2.1.0
- RedHat Application Stack v1 for Enterprise Linux AS 4
- RedHat Application Stack v1 for Enterprise Linux ES 4
- RedHat Desktop 3.0.0
- RedHat Desktop 4.0.0
- RedHat Enterprise Linux 5 server
- RedHat Enterprise Linux 5 server
- RedHat Enterprise Linux AS 2.1
- RedHat Enterprise Linux AS 3
- RedHat Enterprise Linux AS 4
- RedHat Enterprise Linux Desktop 5 client
- RedHat Enterprise Linux ES 2.1
- RedHat Enterprise Linux ES 3
- RedHat Enterprise Linux ES 4
- RedHat Enterprise Linux WS 2.1
- RedHat Enterprise Linux WS 3
- RedHat Enterprise Linux WS 4
- RedHat Fedora 8
- RedHat Fedora 9
- RedHat Linux Advanced Workstation 2.1 for the Ita 2.1.0 IA64
- S.u.S.E. Linux 10.0 ppc
- S.u.S.E. Linux 10.0 x86
- S.u.S.E. Linux 10.0 x86-64
- S.u.S.E. Linux 10.1 ppc
- S.u.S.E. Linux 10.1 x86
- S.u.S.E. Linux 10.1 x86-64
- S.u.S.E. Linux Desktop 1.0.0
- S.u.S.E. Linux Enterprise SDK 10 SP1
- S.u.S.E. Linux Enterprise Server 8
- S.u.S.E. Linux Enterprise Server 9
- S.u.S.E. Novell Linux Desktop 9
- S.u.S.E. Open-Enterprise-Server
- S.u.S.E. SUSE LINUX Retail Solution 8.0.0
- S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1
- S.u.S.E. SUSE Linux Enterprise Server 10 SP1
- S.u.S.E. SuSE Linux Openexchange Server 4.0.0
- S.u.S.E. SuSE Linux School Server for i386
- S.u.S.E. SuSE Linux Standard Server 8.0.0
- S.u.S.E. UnitedLinux 1.0.0
- S.u.S.E. openSUSE 10.2
- S.u.S.E. openSUSE 10.3
- Slackware Linux -current
- Slackware Linux 10.2.0
- Slackware Linux 11.0
- Slackware Linux 12.0
- Slackware Linux 12.1
- Turbolinux Appliance Server 1.0.0 Hosting Edition
- Turbolinux Appliance Server 1.0.0 Workgroup Edition
- Turbolinux Appliance Server 2.0
- Turbolinux Appliance Server 3.0
- Turbolinux Appliance Server 3.0 x64
- Turbolinux Appliance Server Hosting Edition 1.0.0
- Turbolinux Appliance Server Workgroup Edition 1.0.0
- Turbolinux Client 2008
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux Turbolinux Server 10.0.0
- Turbolinux Turbolinux Server 10.0.0 x86
- Turbolinux Turbolinux Server 10.0.0 x64
- Turbolinux Turbolinux Server 11
- Turbolinux Turbolinux Server 11 x64
- Ubuntu Ubuntu Linux 6.06 LTS amd64
- Ubuntu Ubuntu Linux 6.06 LTS i386
- Ubuntu Ubuntu Linux 6.06 LTS powerpc
- Ubuntu Ubuntu Linux 6.06 LTS sparc
- Ubuntu Ubuntu Linux 7.04 amd64
- Ubuntu Ubuntu Linux 7.04 i386
- Ubuntu Ubuntu Linux 7.04 powerpc
- Ubuntu Ubuntu Linux 7.04 sparc
- Ubuntu Ubuntu Linux 7.10 amd64
- Ubuntu Ubuntu Linux 7.10 i386
- Ubuntu Ubuntu Linux 7.10 lpia
- Ubuntu Ubuntu Linux 7.10 powerpc
- Ubuntu Ubuntu Linux 7.10 sparc
- Ubuntu Ubuntu Linux 8.04 LTS amd64
- Ubuntu Ubuntu Linux 8.04 LTS i386
- Ubuntu Ubuntu Linux 8.04 LTS lpia
- Ubuntu Ubuntu Linux 8.04 LTS powerpc
- Ubuntu Ubuntu Linux 8.04 LTS sparc
- rPath Appliance Platform Linux Service 1
- rPath rPath Linux 1
- rPath rPath Linux 2
References:
- Avaya: ASA-2008-326 - php security update (RHSA-2008-0582)
- Avaya: Avaya Security Advisory ASA-2008-313
- CVE: CVE-2008-0599
- HP: HPSBUX02342 SSRT080063 rev.1 - HP-UX Running Apache or Tomcat with PHP, Remote E
- PHP: PHP 5.2.6 ChangeLog
- PHP: PHP Homepage
- PHP: cgi_main.c 2008/02/28 00:51:56 1.267.2.15.2.50.2.13
- Red Hat: RHSA-2008:0544-6 php security update
- Red Hat: RHSA-2008:0545-6 php security and bug fix update
- Red Hat: RHSA-2008:0546-3 Moderate: php security update
- Red Hat: RHSA-2008:0582-2 Moderate: php security update
- SektionEins GmbH: PHP GENERATE_SEED() Weak Random Number Seed Vulnerability
- SektionEins GmbH: PHP Multibyte Shell Command Escaping Bypass Vulnerability
- US-CERT: Vulnerability Note VU#147027 PHP path translation vulnerability
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
