GLSA-200410-04 : PHP: Memory disclosure and arbitrary location file upload

This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200410-04
(PHP: Memory disclosure and arbitrary location file upload)

Stefano Di Paola discovered two bugs in PHP. The first is a parse error in
php_variables.c that could allow a remote attacker to view the contents of
the target machine's memory. Additionally, an array processing error in the
SAPI_POST_HANDLER_FUNC() function inside rfc1867.c could lead to the
$_FILES array being overwritten.

Impact :

A remote attacker could exploit the first vulnerability to view memory
contents. On a server with a script that provides file uploads, an attacker
could exploit the second vulnerability to upload files to an arbitrary
location. On systems where the HTTP server is allowed to write in a
HTTP-accessible location, this could lead to remote execution of arbitrary
commands with the rights of the HTTP server.

Workaround :

There is no known workaround at this time.

Solution :

All PHP, mod_php and php-cgi users should upgrade to the latest stable
# emerge sync
# emerge -pv '>=dev-php/php-4.3.9'
# emerge '>=dev-php/php-4.3.9'
# emerge -pv '>=dev-php/mod_php-4.3.9'
# emerge '>=dev-php/mod_php-4.3.9'
# emerge -pv '>=dev-php/php-cgi-4.3.9'
# emerge '>=dev-php/php-cgi-4.3.9'

Family: Gentoo Local Security Checks

Nessus Plugin ID: 15429 (gentoo_GLSA-200410-04.nasl)