Red Hat Bugzilla – Bug 171695
CVE-2004-0595 PHP flaws (CVE-2004-0594 CVE-2004-1018 CVE-2004-1019)
Last modified: 2007-04-18 13:33:29 EDT
Multiple flaws in Stronghold 4.0 PHP A flaw in the strip_tags function in PHP, commonly used by PHP scripts to prevent cross-site scripting attacks by removing HTML tags from user-supplied form data. HTML tags can, in some cases, be passed intact through the strip_tags function, which may allow a cross-site scripting attack. (CVE-2004-0595) A flaw if the memory_limit configuration setting is enabled in PHP. If a remote attacker could force the PHP interpreter to allocate more memory than the memory_limit setting before script execution begins, then the attacker may be able to supply the contents of a PHP hash table remotely. This hash table could then be used to execute arbitrary code in the context of the server. (CVE-2004-0594) Various flaws, including possible information disclosure, double free, and negative reference index array underflow in the deserialization code of PHP. PHP applications may use the unserialize function on untrusted user data, which could allow a remote attacker to gain access to memory or potentially execute arbitrary code. (CVE-2004-1019) Flaws in shmop_write, pack, and unpack PHP functions. These functions are not normally passed user-supplied data, so would require a malicious PHP script to be exploited. (CVE-2004-1018)
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-816.html