six_dfx Well I'm the Lord of Time. | Code :
- PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
- Issued on: July 22, 2002
- Software: PHP versions 4.2.0 and 4.2.1
- Platforms: All
- The PHP Group has learned of a serious security vulnerability in PHP
- versions 4.2.0 and 4.2.1. An intruder may be able to execute arbitrary
- code with the privileges of the web server. This vulnerability may be
- exploited to compromise the web server and, under certain conditions,
- to gain privileged access.
- Description
- PHP contains code for intelligently parsing the headers of HTTP POST
- requests. The code is used to differentiate between variables and files
- sent by the user agent in a "multipart/form-data" request. This parser
- has insufficient input checking, leading to the vulnerability.
- The vulnerability is exploitable by anyone who can send HTTP POST
- requests to an affected web server. Both local and remote users, even
- from behind firewalls, may be able to gain privileged access.
- Impact
- Both local and remote users may exploit this vulnerability to compromise
- the web server and, under certain conditions, to gain privileged access.
- So far only the IA32 platform has been verified to be safe from the
- execution of arbitrary code. The vulnerability can still be used on IA32
- to crash PHP and, in most cases, the web server.
- Solution
- The PHP Group has released a new PHP version, 4.2.2, which incorporates
- a fix for the vulnerability. All users of affected PHP versions are
- encouraged to upgrade to this latest version. The downloads web site at
- http://www.php.net/downloads.php
-
- has the new 4.2.2 source tarballs, Windows binaries and source patches
- from 4.2.0 and 4.2.1 available for download.
- Workaround
- If the PHP applications on an affected web server do not rely on HTTP
- POST input from user agents, it is often possible to deny POST requests
- on the web server.
- In the Apache web server, for example, this is possible with the
- following code included in the main configuration file or a top-level
- .htaccess file:
- <Limit POST>
- Order deny,allow
- Deny from all
- </Limit>
-
- Note that an existing configuration and/or .htaccess file may have
- parameters contradicting the example given above.
- Credits
- The PHP Group would like to thank Stefan Esser of e-matters GmbH for
- discovering this vulnerability.
-
- Copyright (c) 2002 The PHP Group.
|
en gros la faille concerne le décodage par PHP des requetes POST multipart et n'est pas exploitable sur du IA32 (x86) ---------------
Don't blink. Don't even blink. Blink and you're dead. They are fast, faster than you could believe, don't turn your back, don't look away, and DON'T BLINK. Good luck.
|