HI, Not being an expert in php..i couldnt understand the vulnerability. Can someone shed some light here.
Regards anil ----- Original Message ----- From: "Marko Karppinen" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; "PHP-DEV" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, July 22, 2002 9:49 AM Subject: [ANNOUNCE] PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and4.2.1 > > PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 > > > Issued on: July 22, 2002 > Software: PHP versions 4.2.0 and 4.2.1 > Platforms: All > > > The PHP Group has learned of a serious security vulnerability in PHP > versions 4.2.0 and 4.2.1. An intruder may be able to execute arbitrary > code with the privileges of the web server. This vulnerability may be > exploited to compromise the web server and, under certain conditions, > to gain privileged access. > > > Description > > PHP contains code for intelligently parsing the headers of HTTP POST > requests. The code is used to differentiate between variables and files > sent by the user agent in a "multipart/form-data" request. This parser > has insufficient input checking, leading to the vulnerability. > > The vulnerability is exploitable by anyone who can send HTTP POST > requests to an affected web server. Both local and remote users, even > from behind firewalls, may be able to gain privileged access. > > > Impact > > Both local and remote users may exploit this vulnerability to compromise > the web server and, under certain conditions, to gain privileged access. > So far only the IA32 platform has been verified to be safe from the > execution of arbitrary code. The vulnerability can still be used on IA32 > to crash PHP and, in most cases, the web server. > > > Solution > > The PHP Group has released a new PHP version, 4.2.2, which incorporates > a fix for the vulnerability. All users of affected PHP versions are > encouraged to upgrade to this latest version. The downloads web site at > > http://www.php.net/downloads.php > > has the new 4.2.2 source tarballs, Windows binaries and source patches > from 4.2.0 and 4.2.1 available for download. > > > Workaround > > If the PHP applications on an affected web server do not rely on HTTP > POST input from user agents, it is often possible to deny POST requests > on the web server. > > In the Apache web server, for example, this is possible with the > following code included in the main configuration file or a top-level > .htaccess file: > > <Limit POST> > Order deny,allow > Deny from all > </Limit> > > Note that an existing configuration and/or .htaccess file may have > parameters contradicting the example given above. > > > Credits > > The PHP Group would like to thank Stefan Esser of e-matters GmbH for > discovering this vulnerability. > > > Copyright (c) 2002 The PHP Group. > > > > -- > PHP Announcements Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
