SB2009081906 - Multiple vulnerabilities in PHP
Published: August 19, 2009 Updated: June 12, 2025
Description
This security bulletin contains information about 8 security vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2008-7002)
The vulnerability allows a local user to execute arbitrary code.
PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions, possibly involving pathnames such as "C:" drive notation.
2) Path traversal (CVE-ID: CVE-2008-5658)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences in the ZipArchive::extractTo function in PHP 5.2.6 and earlier. A remote authenticated attacker can send a specially crafted HTTP request, and context-dependent attackers can write arbitrary files via a ZIP file containing a file whose name contains .. (dot dot) sequences.
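The check that this class of bug omits, as an added example that is not code from PHP or from this bulletin: every archive entry name is validated before it is joined to the extraction directory. The function name `entry_name_is_safe` and the sample names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not PHP source. name/len come from the archive's
 * length-counted file name field, so embedded NUL bytes are possible. */
static bool is_sep(char c) { return c == '/' || c == '\\'; }

bool entry_name_is_safe(const char *name, size_t len)
{
    if (len == 0 || memchr(name, '\0', len) != NULL)
        return false;   /* empty, or would be truncated by C string APIs */
    if (is_sep(name[0]))
        return false;   /* absolute path */
    if (len >= 2 && name[1] == ':')
        return false;   /* drive notation such as "C:" */

    size_t start = 0;   /* index where the current path component begins */
    for (size_t i = 0; i <= len; i++) {
        if (i == len || is_sep(name[i])) {
            /* The component is name[start..i). */
            if (i - start == 2 && name[start] == '.' && name[start + 1] == '.')
                return false;   /* ".." climbs out of the target directory */
            start = i + 1;
        }
    }
    return true;
}

int main(void)
{
    /* Constructed entry names, not taken from any real archive. */
    const char *names[] = { "docs/readme.txt", "../outside.txt",
                            "a/b/../../../etc/x", "..\\up.txt", "notes..txt" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-22s %s\n", names[i],
               entry_name_is_safe(names[i], strlen(names[i])) ? "extract" : "reject");
    return 0;
}
```

A name such as `notes..txt` passes because the check compares whole path components, not substrings.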
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2008-5625)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file.
4) Path traversal (CVE-ID: CVE-2008-2666)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function.
5) Incorrect Calculation of Buffer Size (CVE-ID: CVE-2008-0599)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
6) Input validation error (CVE-ID: CVE-2008-1384)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions).
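How a width specifier can be handled without the arithmetic wrapping, as an added example that is not the code from formatted_print.c: the width is parsed with a bound check on every digit, and the buffer size is computed with checked additions. The names `parse_width` and `padded_size` and the sample inputs are assumptions made for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not PHP source. Parses the decimal width of a format
 * directive. The unchecked form `w = w * 10 + d` overflows int on a long
 * digit run; here the bound is tested before each multiply-and-add. */
bool parse_width(const char *s, int *width, const char **end)
{
    int w = 0;
    while (*s >= '0' && *s <= '9') {
        int d = *s - '0';
        if (w > (INT_MAX - d) / 10)
            return false;           /* w * 10 + d would exceed INT_MAX */
        w = w * 10 + d;
        s++;
    }
    *width = w;
    *end = s;                       /* first character after the digits */
    return true;
}

/* Bytes needed to append an argument of arg_len bytes, padded to `width`,
 * to a buffer already holding `used` bytes, plus one for the terminator. */
bool padded_size(size_t used, size_t arg_len, int width, size_t *need)
{
    size_t field = (width > 0 && (size_t)width > arg_len) ? (size_t)width : arg_len;
    if (field > SIZE_MAX - 1 || used > SIZE_MAX - 1 - field)
        return false;               /* used + field + 1 would wrap */
    *need = used + field + 1;
    return true;
}

int main(void)
{
    const char *specs[] = { "10s", "2147483648s" };   /* constructed inputs */
    for (size_t i = 0; i < 2; i++) {
        int w; const char *end; size_t need;
        if (!parse_width(specs[i], &w, &end) || !padded_size(5, 3, w, &need))
            printf("%%%s: rejected, width out of range\n", specs[i]);
        else
            printf("%%%s: need %zu bytes\n", specs[i], need);
    }
    return 0;
}
```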
7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2007-4850)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.
8) Input validation error (CVE-ID: CVE-2007-6039)
The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid1 parameter to the (4) dngettext or (5) ngettext function, or (6) the classname parameter to the stream_wrapper_register function.
Remediation
Install update from vendor's website.