GLSA-200410-04 : PHP: Memory disclosure and arbitrary location file upload

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200410-04
(PHP: Memory disclosure and arbitrary location file upload).

Stefano Di Paola discovered two bugs in PHP. The first is a parse error in
php_variables.c that could allow a remote attacker to view the contents of
the target machine's memory. Additionally, an array processing error in the
SAPI_POST_HANDLER_FUNC() function inside rfc1867.c could lead to the
$_FILES array being overwritten.

Impact :

A remote attacker could exploit the first vulnerability to view memory
contents. On a server with a script that provides file uploads, an attacker
could exploit the second vulnerability to upload files to an arbitrary
location. On systems where the HTTP server is allowed to write in an
HTTP-accessible location, this could lead to remote execution of arbitrary
commands with the rights of the HTTP server.

Workaround :

There is no known workaround at this time.

See also :

http://secunia.com/advisories/12560/
http://www.securityfocus.com/archive/1/375294
http://www.securityfocus.com/archive/1/375370
http://www.gentoo.org/security/en/glsa/glsa-200410-04.xml

Solution :

All PHP, mod_php and php-cgi users should upgrade to the latest stable
version:

    # emerge sync
    # emerge -pv '>=dev-php/php-4.3.9'
    # emerge '>=dev-php/php-4.3.9'
    # emerge -pv '>=dev-php/mod_php-4.3.9'
    # emerge '>=dev-php/mod_php-4.3.9'
    # emerge -pv '>=dev-php/php-cgi-4.3.9'
    # emerge '>=dev-php/php-cgi-4.3.9'

Risk factor :

Medium

Family: Gentoo Local Security Checks

Nessus Plugin ID: 15429 (gentoo_GLSA-200410-04.nasl)

Bugtraq ID:

CVE ID: