PHP: Multiple vulnerabilities

PHP: Multiple vulnerabilities PHP suffers from multiple issues, resulting in security functions bypass, local Denial of service, cross-site scripting or PHP variables overwrite. PHP 2005-11-13 2005-11-13 107602 111032 remote and local 4.3.11-r4 4.4.0-r4 4.4.0-r4 4.3.11-r4 4.4.0-r8 4.4.0-r8 4.3.11-r5 4.4.0-r5 4.4.0-r5

PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the mod_php module or the CGI version and also stand-alone in a CLI.

Multiple vulnerabilities have been found and fixed in PHP:

a possible $GLOBALS variable overwrite problem through file upload handling, extract() and import_request_variables() (CVE-2005-3390)
a local Denial of Service through the use of the session.save_path option (CVE-2005-3319)
an issue with trailing slashes in allowed basedirs (CVE-2005-3054)
an issue with calling virtual() on Apache 2, allowing to bypass safe_mode and open_basedir restrictions (CVE-2005-3392)
a problem when a request was terminated due to memory_limit constraints during certain parse_str() calls (CVE-2005-3389)
The curl and gd modules allowed to bypass the safe mode open_basedir restrictions (CVE-2005-3391)
a cross-site scripting (XSS) vulnerability in phpinfo() (CVE-2005-3388)

Attackers could leverage these issues to exploit applications that are assumed to be secure through the use of proper register_globals, safe_mode or open_basedir parameters. Remote attackers could also conduct cross-site scripting attacks if a page calling phpinfo() was available. Finally, a local attacker could cause a local Denial of Service using malicious session.save_path options.

There is no known workaround that would solve all issues at this time.

All PHP users should upgrade to the latest version:


    # emerge --sync
    # emerge --ask --oneshot --verbose dev-php/php

All mod_php users should upgrade to the latest version:


    # emerge --sync
    # emerge --ask --oneshot --verbose dev-php/mod_php

All php-cgi users should upgrade to the latest version:


    # emerge --sync
    # emerge --ask --oneshot --verbose dev-php/php-cgi

CVE-2005-3054 CVE-2005-3319 CVE-2005-3388 CVE-2005-3389 CVE-2005-3390 CVE-2005-3391 CVE-2005-3392 koon vorlon078