Bug 171695 - CVE-2004-0595 PHP flaws (CVE-2004-0594 CVE-2004-1018 CVE-2004-1019)
Summary: CVE-2004-0595 PHP flaws (CVE-2004-0594 CVE-2004-1018 CVE-2004-1019)
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Stronghold for Red Hat Linux
Classification: Retired
Component: stronghold-mod_ssl
Version: 4.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Joe Orton
QA Contact: Stronghold Engineering List
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-10-25 12:23 UTC by Mark J. Cox
Modified: 2007-04-18 17:33 UTC (History)
1 user (show)

Fixed In Version: RHSA-2005-816
Clone Of:
Environment:
Last Closed: 2005-11-02 09:21:09 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2005:816 0 normal SHIPPED_LIVE Important: apache, mod_ssl, php update for Stronghold 2005-11-02 05:00:00 UTC

Description Mark J. Cox 2005-10-25 12:23:16 UTC
Multiple flaws in Stronghold 4.0 PHP

A flaw in the strip_tags function in PHP, commonly used by PHP scripts to
prevent cross-site scripting attacks by removing HTML tags from
user-supplied form data. HTML tags can, in some cases, be passed intact
through the strip_tags function, which may allow a cross-site scripting
attack. (CVE-2004-0595)

A flaw if the memory_limit configuration setting is enabled in PHP. If a
remote attacker could force the PHP interpreter to allocate more memory
than the memory_limit setting before script execution begins, then the
attacker may be able to supply the contents of a PHP hash table remotely.
This hash table could then be used to execute arbitrary code in the context
of the server. (CVE-2004-0594)

Various flaws, including possible information disclosure, double free, and
negative reference index array underflow in the deserialization code of
PHP. PHP applications may use the unserialize function on untrusted user
data, which could allow a remote attacker to gain access to memory or
potentially execute arbitrary code. (CVE-2004-1019)

Flaws in shmop_write, pack, and unpack PHP functions. These functions are
not normally passed user-supplied data, so would require a malicious PHP
script to be exploited. (CVE-2004-1018)

Comment 1 Red Hat Bugzilla 2005-11-02 09:21:09 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-816.html



Note You need to log in before you can comment on or make changes to this bug.