-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2004-23
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original release date  : 16 Sep 2004
 Last revised           : 16 Sep 2004

 Package : php

 Summary : Non-filtering of null characters allows processing of dangerous tags

 More information :
    PHP is an HTML-embedded scripting language.
    The strip_tags function in PHP does not filter null (\0) characters
    within tag names when restricting input to allowed tags.

    This allows dangerous tags to be processed by web browsers such as Internet
    Explorer and Safari, which ignore null characters; this facilitates the
    exploitation of cross-site scripting (XSS) vulnerabilities.

 Impact :
    The bug allows dangerous tags to be processed by web browsers such as
    Internet Explorer and Safari.

 Affected Products :
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution :
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 # turbopkg
 or
 # zabom update php php-gd php-imap php-ldap php-manual php-mysql php-pgsql
 ---------------------------------------------


 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size : MD5

   php-4.2.3-19.src.rpm
      3595053 c5665ad3dfdc9b2c47df0324e328839c

   Binary Packages
   Size : MD5

   php-4.2.3-19.i586.rpm
      1631015 77b646a14c8f3ee3f19dac0ad449bb5d
   php-gd-4.2.3-19.i586.rpm
        30936 41f5017420fe063f3398fa916d80c02d
   php-imap-4.2.3-19.i586.rpm
         8924 0f6327426c38c905578a517d56cd8c8f
   php-ldap-4.2.3-19.i586.rpm
        24373 587fb2a24cd98de18b1a3a137245d56b
   php-manual-4.2.3-19.i586.rpm
       341528 cd81ac7b368b227e2edd1603f9cc5e48
   php-ming-4.2.3-19.i586.rpm
        32944 1739caa35757dd9b4d3a5d59f5bd256c
   php-mysql-4.2.3-19.i586.rpm
        90514 190b14a4a296773ab4af7c258aa197c2
   php-pgsql-4.2.3-19.i586.rpm
        35173 346b240a7e308808e8521fe2ed667b4b

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size : MD5

   php-4.2.3-19.src.rpm
      3595053 c8783be19d61d2273c78a9303ef27358

   Binary Packages
   Size : MD5

   php-4.2.3-19.i586.rpm
      1631015 cc062d269ab438d266623e0fd699fe06
   php-gd-4.2.3-19.i586.rpm
        30936 f16e2ee4c1c77842b88a72f84b741ccc
   php-imap-4.2.3-19.i586.rpm
         8924 26cb4e93c285ffb1b67630b3f8690f21
   php-ldap-4.2.3-19.i586.rpm
        24373 c0e61dbec891cdcf6068a33b42ac4eeb
   php-manual-4.2.3-19.i586.rpm
       341528 6cf984f840d4ae781f0e15052ec2c1b6
   php-ming-4.2.3-19.i586.rpm
        32944 00331f4b38361c4700f5510a67b1ef89
   php-mysql-4.2.3-19.i586.rpm
        90514 d4d8546a52ca7b25c75066b02c48f99b
   php-pgsql-4.2.3-19.i586.rpm
        35173 9da7ffe196a63ac4535f8200840d5219

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/php-4.2.3-18.src.rpm
      3594911 b8cfa0df501e49b5b3f0e07129157097

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-4.2.3-18.i586.rpm
      1630931 c0931e43f76440e1228c87a845219cf8
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-gd-4.2.3-18.i586.rpm
        30794 387736b1a1bcae63c15ad2c9a0c22d9c
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-imap-4.2.3-18.i586.rpm
         8778 5fc23ff382c1c65f78279b8a2cab0aa1
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-ldap-4.2.3-18.i586.rpm
        24242 9dea304cc1189e525cd1663e3135c0f4
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-manual-4.2.3-18.i586.rpm
       341339 a614767749adab8e73d13de90c87fc1a
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-ming-4.2.3-18.i586.rpm
        32790 15df856e70940df33b9c0b8eb20d8ad7
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-mysql-4.2.3-18.i586.rpm
        90377 0ac3a2fe05f05f9a18a32f1b46350e73
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-pgsql-4.2.3-18.i586.rpm
        35044 7b9e0325c77e699c07511d4c155f6701

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/php-4.2.3-18.src.rpm
      3594911 53572cc94259f49e5b1431afd60738cf

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-4.2.3-18.i586.rpm
      1631918 7de3bbc72e4ec14cc076f40975b576d1
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-gd-4.2.3-18.i586.rpm
        30750 00d7e52198c52a84bf3b6a01b74ed09e
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-imap-4.2.3-18.i586.rpm
         8778 f48ba9d576d56ffe1dade4a08c1d69d4
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-ldap-4.2.3-18.i586.rpm
        24251 6335de34555ab561591b44932977597b
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-manual-4.2.3-18.i586.rpm
       341306 1ba564f74da044e2cba3ebca42c0445d
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-ming-4.2.3-18.i586.rpm
        32765 294b36a3c4fda4678b0d483566489435
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-mysql-4.2.3-18.i586.rpm
        90390 cf762723f2372ceaae9aafe1d435fefe
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-pgsql-4.2.3-18.i586.rpm
        35006 d893b278914eb9131069c0420d8bd08b

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/php-4.2.3-18.src.rpm
      3594911 cf77d9a9c0f2c2867dea80071db19d66

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-4.2.3-18.i586.rpm
      1603039 87887fbe74a6f1fa3fab6871db182850
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-imap-4.2.3-18.i586.rpm
         8789 36db776c43e3b28ea5985a359fb9734f
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-ldap-4.2.3-18.i586.rpm
        23812 5faaa8a4a2d9159acb0390054646b86e
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-manual-4.2.3-18.i586.rpm
       341234 95687623e096bf7560dddab45c9b295b
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-mysql-4.2.3-18.i586.rpm
        86194 5d5c6d7a371159773c76c43ce2ffc57f
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-pgsql-4.2.3-18.i586.rpm
        34876 8c87aec01c6a7ac4874d0344aa8707b3

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/php-4.2.3-18.src.rpm
      3594911 f30e9ec8cafd458f84ccb4dda299b8e1

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-4.2.3-18.i586.rpm
      1602159 07c7d83963a28e69b90ec0d95590acfc
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-imap-4.2.3-18.i586.rpm
         8782 5e1eb57bf77ab85142b2a9da349786ae
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-ldap-4.2.3-18.i586.rpm
        23800 b076306891335cf0b46f0d8a70d82078
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-manual-4.2.3-18.i586.rpm
       341187 259382021ddfe2f0cf13f655c3bc7c6c
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-mysql-4.2.3-18.i586.rpm
        86170 bcf6637eca00621f9e7cd11a630678a6
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-pgsql-4.2.3-18.i586.rpm
        34546 a4b2ca701c271ad27a1d553420fd7093


 Notice :
    After performing the update, it is necessary to restart the httpd daemon.
    To do this, run the following command as user root.
 ---------------------------------------------
 # /etc/init.d/httpd restart
 or
 # /etc/rc.d/init.d/httpd restart
 ---------------------------------------------

 References:

 CVE
   [CAN-2004-0595]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0595


 --------------------------------------------------------------------------
 Revision History
    16 Sep 2004 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2004 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFBSHjDK0LzjOqIJMwRAm64AJ4gAk6HqbmYwevGvMEUM6/oAh0zsgCeJiFT
NIswCwQDbb+66Y3V1ONXG3o=
=OkS5
-----END PGP SIGNATURE-----
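
A detection sketch for the condition the advisory describes, added here and not part of the Turbolinux advisory: it scans web access logs for requests in which a NUL byte (percent-encoded once or twice) sits inside a tag name. The log lines are constructed samples; the combined log format, the request paths and the function names are assumptions.

```python
import re
from urllib.parse import unquote_to_bytes

# Request target inside the quoted request line of a combined-format log entry
# (log format is an assumption; adjust to the server's LogFormat).
REQUEST_RE = re.compile(rb'"(?:GET|POST|HEAD|PUT) (\S+) HTTP/[\d.]+"')
# "<", optional "/", then a tag-name run that contains a NUL byte before the
# name is terminated by whitespace, "/", "<" or ">".
NUL_IN_TAG_RE = re.compile(rb'</?[^\s<>/\x00]*\x00[^\s<>/]*')


def decode_target(target: bytes, rounds: int = 2) -> bytes:
    """Percent-decode up to `rounds` times so double-encoded input is seen."""
    for _ in range(rounds):
        decoded = unquote_to_bytes(target)
        if decoded == target:
            break
        target = decoded
    return target


def find_nul_tag_requests(log_lines):
    """Return (line_number, matched_bytes) for requests with a NUL in a tag name."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        request = REQUEST_RE.search(line)
        if not request:
            continue  # not a parseable request line
        hit = NUL_IN_TAG_RE.search(decode_target(request.group(1)))
        if hit:
            hits.append((lineno, hit.group(0)))
    return hits


# Constructed sample log lines (documentation addresses, hypothetical paths).
SAMPLE_LOG = [
    b'192.0.2.10 - - [16/Sep/2004:10:00:01 +0900] "GET /guestbook.php?msg=%3Cb%3Ehello%3C%2Fb%3E HTTP/1.0" 200 512',
    b'192.0.2.11 - - [16/Sep/2004:10:00:05 +0900] "GET /guestbook.php?msg=%3Cta%00g%3Ex HTTP/1.0" 200 498',
    b'192.0.2.12 - - [16/Sep/2004:10:00:09 +0900] "GET /guestbook.php?msg=%253C%2500tag%253E HTTP/1.0" 200 498',
    b'192.0.2.13 - - [16/Sep/2004:10:00:12 +0900] "GET /download.php?f=a.txt%00 HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    for lineno, match in find_nul_tag_requests(SAMPLE_LOG):
        print(f"line {lineno}: NUL inside tag name: {match!r}")
```

A hit records an attempt to send such input, not a successful bypass; whether it matters depends on whether the host still runs a php package older than the fixed versions listed above.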
