Nouvelle faille de secu dans PHP

Nouvelle faille de secu dans PHP - Linux et OS Alternatifs

Marsh Posté le 22-07-2002 à 15:49:45    

Kaboom, une nouvelle faille de secu dans PHP a partir de la version 4.2.0 .
 
Allez zou, on upgrade vers la 4.2.2 vite fait (ou on reste a la 4.1.2-audit qui n'a pas cette faille) .

Reply

Marsh Posté le 22-07-2002 à 15:49:45   

Reply

Marsh Posté le 22-07-2002 à 16:01:58    

Code :
  1. PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
  4. Issued on: July 22, 2002
  5. Software:  PHP versions 4.2.0 and 4.2.1
  6. Platforms: All
  9.    The PHP Group has learned of a serious security vulnerability in PHP
  10.    versions 4.2.0 and 4.2.1. An intruder may be able to execute arbitrary
  11.    code with the privileges of the web server. This vulnerability may be
  12.    exploited to compromise the web server and, under certain conditions,
  13.    to gain privileged access.
  16. Description
  18.    PHP contains code for intelligently parsing the headers of HTTP POST
  19.    requests. The code is used to differentiate between variables and files
  20.    sent by the user agent in a "multipart/form-data" request. This parser
  21.    has insufficient input checking, leading to the vulnerability.
  23.    The vulnerability is exploitable by anyone who can send HTTP POST
  24.    requests to an affected web server. Both local and remote users, even
  25.    from behind firewalls, may be able to gain privileged access.
  28. Impact
  30.    Both local and remote users may exploit this vulnerability to compromise
  31.    the web server and, under certain conditions, to gain privileged access.
  32.    So far only the IA32 platform has been verified to be safe from the
  33.    execution of arbitrary code. The vulnerability can still be used on IA32
  34.    to crash PHP and, in most cases, the web server.
  37. Solution
  39.    The PHP Group has released a new PHP version, 4.2.2, which incorporates
  40.    a fix for the vulnerability. All users of affected PHP versions are
  41.    encouraged to upgrade to this latest version. The downloads web site at
  43.       http://www.php.net/downloads.php
  44.  
  45.    has the new 4.2.2 source tarballs, Windows binaries and source patches
  46.    from 4.2.0 and 4.2.1 available for download.
  49. Workaround
  51.    If the PHP applications on an affected web server do not rely on HTTP
  52.    POST input from user agents, it is often possible to deny POST requests
  53.    on the web server.
  55.    In the Apache web server, for example, this is possible with the
  56.    following code included in the main configuration file or a top-level
  57.    .htaccess file:
  59.       <Limit POST>
  60.           Order deny,allow
  61.           Deny from all
  62.       </Limit>
  63.    
  64.    Note that an existing configuration and/or .htaccess file may have
  65.    parameters contradicting the example given above.
  68. Credits
  70.    The PHP Group would like to thank Stefan Esser of e-matters GmbH for
  71.    discovering this vulnerability.
  72.  
  74. Copyright (c) 2002 The PHP Group.


 
en gros la faille concerne le décodage par PHP des requetes POST multipart et n'est pas exploitable sur du IA32 (x86)


---------------
Don't blink. Don't even blink. Blink and you're dead. They are fast, faster than you could believe, don't turn your back, don't look away, and DON'T BLINK. Good luck.
Reply

Sujets relatifs:

Leave a Replay

Make sure you enter the(*)required information where indicate.HTML code is not allowed