| Description: | Summary:
The remote host is missing an update to php
announced via advisory MDVSA-2009:303.
Vulnerability Insight:
Some vulnerabilities were discovered and corrected in php-5.2.11:
The tempnam function in ext/standard/file.c in PHP 5.2.11 and
earlier, and 5.3.x before 5.3.1, allows context-dependent attackers
to bypass safe_mode restrictions, and create files in group-writable
or world-writable directories, via the dir and prefix arguments
(CVE-2009-3557).
The posix_mkfifo function in ext/posix/posix.c in PHP 5.2.11 and
earlier, and 5.3.x before 5.3.1, allows context-dependent attackers
to bypass open_basedir restrictions, and create FIFO files, via the
pathname and mode arguments, as demonstrated by creating a .htaccess
file (CVE-2009-3558).
PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number
of temporary files created when handling a multipart/form-data POST
request, which allows remote attackers to cause a denial of service
(resource exhaustion), and makes it easier for remote attackers to
exploit local file inclusion vulnerabilities, via multiple requests,
related to lack of support for the max_file_uploads directive
(CVE-2009-4017).
The proc_open function in ext/standard/proc_open.c in PHP
before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1)
safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars
directives, which allows context-dependent attackers to execute
programs with an arbitrary environment via the env parameter, as
demonstrated by a crafted value of the LD_LIBRARY_PATH environment
variable (CVE-2009-4018).
Intermittent segfaults occurred on x86_64 with the latest phpmyadmin
and with apache (#53735).
Additionally, some packages which require so, have been rebuilt and
are being provided as updates.
Affected: 2009.1
Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
CVSS Score:
7.5
CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
