Description:
The remote host is missing updates announced in advisory FLSA-2004:1868.
Stefan Esser discovered a flaw when memory_limit is enabled in versions of PHP 4 before 4.3.8. If a remote attacker could force the PHP interpreter to allocate more memory than the memory_limit setting before script execution begins, then the attacker may be able to supply the contents of a PHP hash table remotely. This hash table could then be used to execute arbitrary code as the 'apache' user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0594 to this issue.
This issue has a higher risk when PHP is running on an instance of Apache which is vulnerable to CVE-2004-0493. It may also be possible to exploit this issue when using a non-default PHP configuration in which the register_defaults setting is changed to On.
Stefan Esser discovered a flaw in the strip_tags function in versions of PHP before 4.3.8. The strip_tags function is commonly used by PHP scripts to prevent Cross-Site-Scripting attacks by removing HTML tags from user-supplied form data. By embedding NUL bytes into form data, HTML tags can in some cases be passed intact through the strip_tags function, which may allow a Cross-Site-Scripting attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0595 to this issue.
All users of PHP are advised to upgrade to these updated packages, which contain backported patches that address these issues.
Affected platforms: Redhat 7.3, Redhat 9
Solution: http://www.securityspace.com/smysecure/catid.html?in=FLSA-2004:1868
Risk factor: High
CVSS Score: 6.8