[nycphp-talk] PHP in SecurityFocus #335

Daniel Convissor danielc at
Sat Feb 4 14:56:22 EST 2006

These summaries are available online

Alerts from SecurityFocus Newsletter #335

Please take a careful look at this issue. There are several serious
vulnerabilities in PHP and many important open source
applications including Firefox, OpenSSL, OpenSSH, mod_ssl, MySQL,
bzip2, Drupal, the TCP protocol and several Adobe products.

PHP Parse_Str Register_Globals Activation Weakness
This is very troubling. Attackers can turn on register_globals by
overwriting memory. If the site is running via mod_php, register_globals
will then stay on until Apache is restarted. PHP 5.1 and 4.4.1 contain
the necessary fixes.

PHP File Upload GLOBAL Variable Overwrite Vulnerability
This dangerous issue allows the GLOBAL super-global to be overwritten
via POST (and I assume GET) data. It has been resolved by changes in
5.1 and 4.4.1.

PHP PHPInfo Cross-Site Scripting Vulnerability
This isn't a big deal since nobody exposes the output of phpinfo() to
the public, right? :)

Ashwebstudio Ashnews Cross-Site Scripting Vulnerability

Nuked-klaN Index.PHP Cross-Site Scripting Vulnerability

CRE Loaded Files.PHP Access Validation Vulnerability

sPaiz-Nuke Modules.PHP Cross-Site Scripting Vulnerability

Drupal Image Upload HTML Injection Vulnerability
This is old news, having been addressed in prior releases: 4.6.4 and

Drupal View User Profile Authorization Bypass Vulnerability
This too is old news, addressed in prior releases: 4.6.4 and 4.5.6.

Drupal Submitted Content HTML Injection Vulnerability
Yet another problem fixed in prior releases: 4.6.4 and 4.5.6.

Invision Power Board Portal Plugin Index.PHP SQL Injection Vulnerability

Calendarix Multiple SQL Injection Vulnerabilities

SZUserMgnt Username Parameter SQL Injection Vulnerability

FarsiNews Loginout.PHP Remote File Include Vulnerability

EasyCMS Multiple Cross-Site Scripting Vulnerabilities

phpBB Rlink Module Rlink.PHP Cross-Site Scripting Vulnerability

PunctWeb MyCO Name Field HTML Injection Vulnerability

MyBB Index.PHP Referrer Cookie SQL Injection Vulnerability

Cerberus Helpdesk Clients.PHP Cross-Site Scripting Vulnerability

AshWebStudio AshNews Remote File Include Vulnerability

BrowserCRM Results.PHP Cross-Site Scripting Vulnerability

Edgewall Software Trac HTML WikiProcessor Wiki Content HTML Injection Vulnerability

Edgewall Software Trac Search Module SQL Injection Vulnerability

PmWiki Multiple Input Validation Vulnerabilities

Phpclanwebsite Multiple Input Validation Vulnerabilities

Phpclanwebsite Multiple Input Validation Vulnerabilities

AZ Bulletin Board Post.PHP HTML Injection Vulnerabilities

Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
This only impacts Apache 2.x and has been fixed in version 2.0.55.

OpenSSH SCP Shell Command Execution Vulnerability
Changes to version 4.3 resolve this issue.

OpenSSH GSSAPI Credential Disclosure Vulnerability
This was addressed back in version 4.2.

OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
This was addressed back in version 4.2.

OpenSSL Insecure Protocol Negotiation Weakness
Upgrade to versions 0.9.8a or 0.9.7h.

Multiple Vendor TCP Timestamp PAWS Remote Denial Of Service Vulnerability

Mozilla Firefox XBL -MOZ-BINDING Property Cross-Domain Scripting Vulnerability

BZip2 CHMod File Permission Modification Race Condition Weakness

MySQL mysql_install_db Insecure Temporary File Creation Vulnerability
This isn't that big a deal because proper server management restricts
the permissions necessary to successfully run the mysql_install_db

ImageMagick File Name Handling Remote Format String Vulnerability

Adobe Multiple Unspecified Local Privilege Escalation Vulnerabilities

Microsoft Internet Explorer Dialog Manipulation Vulnerability
