NYCPHP Meetup

[nycphp-talk] PHP in SecurityFocus #335

Daniel Convissor danielc at analysisandsolutions.com
Sat Feb 4 14:56:22 EST 2006


These summaries are available online:
RSS:  http://phpsec.org/projects/vulnerabilities/securityfocus.xml
HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html

Alerts from SecurityFocus Newsletter #335

Please take a careful look at this issue. There are several serious
vulnerabilities in PHP and many important open source
applications including Firefox, OpenSSL, OpenSSH, mod_ssl, MySQL,
bzip2, Drupal, the TCP protocol and several Adobe products.


PHP
---
PHP Parse_Str Register_Globals Activation Weakness
http://www.securityfocus.com/bid/15249
This is very troubling. Attackers can turn on register_globals by
overwriting memory. If the site is running via mod_php, register_globals
will then stay on until Apache is restarted. PHP 5.1 and 4.4.1 contain
the necessary fixes.

PHP File Upload GLOBAL Variable Overwrite Vulnerability
http://www.securityfocus.com/bid/15250
This dangerous issue allows the GLOBAL super-global to be overwritten
via POST (and I assume GET) data. It has been resolved by changes in
5.1 and 4.4.1.

PHP PHPInfo Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/15248
This isn't a big deal since nobody exposes the output of phpinfo() to
the public, right? :)


APPLICATIONS USING PHP
----------------------
Ashwebstudio Ashnews Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/16426

Nuked-klaN Index.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/16424

CRE Loaded Files.PHP Access Validation Vulnerability
http://www.securityfocus.com/bid/16415

sPaiz-Nuke Modules.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/16412

Drupal Image Upload HTML Injection Vulnerability
http://www.securityfocus.com/bid/15663
This is old news, having been addressed in prior releases: 4.6.4 and
4.5.6.

Drupal View User Profile Authorization Bypass Vulnerability
http://www.securityfocus.com/bid/15674
This too is old news, addressed in prior releases: 4.6.4 and 4.5.6.

Drupal Submitted Content HTML Injection Vulnerability
http://www.securityfocus.com/bid/15677
Yet another problem fixed in prior releases: 4.6.4 and 4.5.6.

Invision Power Board Portal Plugin Index.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/16447

Calendarix Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/16456

SZUserMgnt Username Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/16454

FarsiNews Loginout.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/16440

EasyCMS Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/16430

phpBB Rlink Module Rlink.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/16448

PunctWeb MyCO Name Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/16444

MyBB Index.PHP Referrer Cookie SQL Injection Vulnerability
http://www.securityfocus.com/bid/16443

Cerberus Helpdesk Clients.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/16439

AshWebStudio AshNews Remote File Include Vulnerability
http://www.securityfocus.com/bid/16436

BrowserCRM Results.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/16435

Edgewall Software Trac HTML WikiProcessor Wiki Content HTML Injection Vulnerability
http://www.securityfocus.com/bid/16198

Edgewall Software Trac Search Module SQL Injection Vulnerability
http://www.securityfocus.com/bid/15720

PmWiki Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/16421

Phpclanwebsite Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/16391

AZ Bulletin Board Post.PHP HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/16351


RELATED STUFF
-------------
Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/16152
This only impacts Apache 2.x and has been fixed in version 2.0.55.

OpenSSH SCP Shell Command Execution Vulnerability
http://www.securityfocus.com/bid/16369
Changes to version 4.3 resolve this issue.

OpenSSH GSSAPI Credential Disclosure Vulnerability
http://www.securityfocus.com/bid/14729
This was addressed back in version 4.2.

OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
http://www.securityfocus.com/bid/14727
This was addressed back in version 4.2.

OpenSSL Insecure Protocol Negotiation Weakness
http://www.securityfocus.com/bid/15071
Upgrade to versions 0.9.8a or 0.9.7h.

Multiple Vendor TCP Timestamp PAWS Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/13676

Mozilla Firefox XBL -MOZ-BINDING Property Cross-Domain Scripting Vulnerability
http://www.securityfocus.com/bid/16427

BZip2 CHMod File Permission Modification Race Condition Weakness
http://www.securityfocus.com/bid/12954

MySQL mysql_install_db Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/13660
This isn't that big a deal because proper server management restricts
the permissions necessary to successfully run the mysql_install_db
script.

ImageMagick File Name Handling Remote Format String Vulnerability
http://www.securityfocus.com/bid/12717

Adobe Multiple Unspecified Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/16451

Microsoft Internet Explorer Dialog Manipulation Vulnerability
http://www.securityfocus.com/bid/15823





