[OpenPKG-SA-2006.028] OpenPKG Security Advisory (php)

From: OpenPKG <openpkg@xxxxxxxxxxx>
Date: Fri, 3 Nov 2006 23:58:54 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory OpenPKG GmbH
http://openpkg.org/security/ http://openpkg.com
OpenPKG-SA-2006.028 2006-11-03
________________________________________________________________________

Package: php
Vulnerability: remote code execution
OpenPKG Specific: no

Affected Series: Affected Packages: Corrected Packages:
E1.0-SOLID <= php-5.1.6-E1.0.0 >= php-5.1.6-E1.0.1
<= apache-1.3.37-E1.0.0 >= apache-1.3.37-E1.0.1
2-STABLE-20061018 <= php-5.1.6-2.20061018 >= php-5.2.0-2.20061103
<= apache-1.3.37-2.20061016 >= apache-1.3.37-2.20061103
2-STABLE <= php-5.1.6-2.20061018 >= php-5.2.0-2.20061103
<= apache-1.3.37-2.20061016 >= apache-1.3.37-2.20061103
CURRENT <= php-5.1.6-20061017 >= php-5.2.0-20061103
<= apache-1.3.37-20061016 >= apache-1.3.37-20061103

Description:
According to a security advisory [0] from Stefan Esser of the
Hardened-PHP project, buffer overflows exist in the programming
language PHP [1], version 5.1.6 and below. The buffer overflows are
in the functions htmlentities() and htmlspecialchars() and may result
in arbitrary remote code execution. The Common Vulnerabilities and
Exposures (CVE) project assigned the id CVE-2006-5465 [2] to the
problem.
________________________________________________________________________

References:
[0] http://www.hardened-php.net/advisory_132006.138.html
[1] http://www.php.net/
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg@xxxxxxxxxxx>" (ID 63C4CB9F) which
you can retrieve from http://openpkg.org/openpkg.org.pgp. Follow the
instructions on http://openpkg.org/security/signatures/ for details on
how to verify the integrity of this advisory.
________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg@xxxxxxxxxxx>

iD8DBQFFS8mZgHWT4GPEy58RAno/AJ9af8lxNEmC7v3h3bIzP2g9/285IACaAmzV
Q9TZ4+jxEBCKH6mp09mZ3M0=
=eziU
-----END PGP SIGNATURE-----

Prev by Date: Re: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)]
Next by Date: Web Directory Pro bypass Vulnerabilities
Previous by thread: MajorSecurity Advisory #31]Xenis.creator CMS - Multiple Cross Site Scripting and SQL Injection Issues
Next by thread: Web Directory Pro bypass Vulnerabilities
Index(es):
- Date
- Thread

Relevant Pages

[OpenPKG-SA-2005.025] OpenPKG Security Advisory (perl)
... OpenPKG Specific: no ... According to a security advisory from Dyad Security, ... execute arbitrary code via format string specifiers with large values. ...
(Bugtraq)
[OpenPKG-SA-2005.028] OpenPKG Security Advisory (curl)
... OpenPKG Specific: no ... According to a vendor security advisory, a Denial of Service (DoS) ... vulnerability exist in "libcurl", the underlying library of the cURL ...
(Bugtraq)
[OpenPKG-SA-2006.001] OpenPKG Security Advisory (gnupg)
... Vulnerability: false positive signature verification ... OpenPKG Specific: no ... According to a vendor security advisory based on hints from the ...
(Bugtraq)
Re: FreeBSD Security Advisory FreeBSD-SA-06:25.kmem
... Security Advisory The FreeBSD Project ... ... Such memory might contain sensitive information, ... kernel memory really isn't very much of a privilege escalation. ...
(FreeBSD-Security)
[OpenPKG-SA-2003.036] OpenPKG Security Advisory (perl-www)
... cross site scripting vulnerability exists in the start_formfunction ... which fixes the specific issue discussed in the original advisory. ... Select the updated source RPM appropriate for your OpenPKG release ... following operations to permanently fix the security problem (for ...
(Bugtraq)