The PHP Development Team would like to announce the immediate release of PHP 4.3.10 and PHP 5.0.3. These are maintenance releases that in addition to non-critical bug fixes address several very serious security issues. All Users of PHP are strongly encouraged to upgrade to one of these releases as soon as possible.
pkgname=php
pkgver=5.0.3
pkgrel=1
pkgdesc="A high-level scripting language"
url="http://www.php.net"
backup=(etc/php.ini)
depends=('openssl' 'libjpeg' 'libpng' 'gdbm' 'libxml2' 'ncurses' 'curl')
makedepends=('apache' 'mysql' 'imap' 'openldap' 'pam' 'freetype2' 'postgresql' 'bzip2' 'smtp-server' 'gd' 'unixodbc')
source=(http://www.php.net/distributions/$pkgname-$pkgver.tar.gz php.ini)
md5sums=('bf89557056ce34d502e20e24071616c7' 'd5b9b37fbb746f0967d795763106735a')
build() {
  cd $startdir/src/$pkgname-$pkgver
  # each continued line of the configure call needs a trailing backslash
  ./configure --with-apxs2 --prefix=/usr --sysconfdir=/etc \
    --with-layout=PHP \
    --with-ttf --enable-mailparse --with-config-file-scan-dir=/etc \
    --enable-bcmath=shared --enable-calendar=shared --enable-ftp=shared \
    --enable-gd-native-ttf --enable-magic-quotes --enable-posix=shared \
    --enable-session --enable-shared --enable-shmop=shared --with-imap \
    --with-imap-ssl --with-ncurses --with-readline \
    --enable-sysvsem=shared --enable-sysvshm=shared --enable-track-vars \
    --enable-trans-sid --enable-safe-mode --enable-sockets=shared \
    --enable-xml --with-bz2=shared --with-curl --with-mime-magic \
    --with-unixODBC=shared \
    --enable-dba --without-db2 --without-db3 --with-inifile --with-flatfile \
    --with-gdbm --with-freetype-dir=/usr --with-gd=shared --enable-exif \
    --with-jpeg-dir=/usr --with-mysql=shared,/usr --with-ldap=shared \
    --with-mysql-sock=/tmp/mysql.sock --with-openssl --with-gettext \
    --with-pear=/usr/share/pear --with-dom --with-dom-xslt \
    --with-pgsql=shared --with-pgsql-sock=/tmp/pgsql.sock \
    --with-png-dir=/usr --with-regex=php --with-zlib
  # fixes a build error in sqlite support
  ln -s main/php_config.h ./config.h
  make || return 1
  mkdir -p $startdir/pkg/usr/lib/apache
  # cp config_vars.mk config_vars.old
  # sed "s|^INSTALL_IT.*$|INSTALL_IT = apxs -i -a -S LIBEXECDIR=$startdir/pkg/usr/lib/apache -n php4 libs/libphp4.so|" config_vars.old >config_vars.mk
  sed -i "s|-i -a -n php5|-i -n php5|g" Makefile
  make INSTALL_ROOT=$startdir/pkg EXTENSION_DIR=/usr/lib/php install
  cp ../php.ini $startdir/pkg/etc
}
I use different compiled-in options from the arch php package, so I recommend going into abs and modifying the pkgver, the pkgrel and the md5sums lines.
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍
This affects PHP serialization, therefore PHPBB is vulnerable... so if anything, please upgrade the forum server
I can vouch that this is ugly (phpBB). I found an IRC server installed in /var/tmp (as .bash_httpd -- notice it was hidden) running as user apache on one of my RedHat webservers. There is also a worm going around that defaces .html files under the webserver root dir and vhosts.
If you have a file called viewtopic.php, you better get patching quickly.
I know someone else that fell prey to this as well... not good. It dropped a web file with the following contents:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>This site is defaced!!!</TITLE>
</HEAD><BODY bgcolor="#000000" text="#FF0000">
<H1>This site is defaced!!!</H1>
<HR>
<ADDRESS><b>NeverEverNoSanity WebWorm generation 8.</b></ADDRESS>
</BODY></HTML>
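A sweep for the two indicators reported in the posts above (the dropped defacement page and a hidden file in /var/tmp owned by the web server user), as an added example that is not part of any poster's message. The function names, the extension list and the demo tree are assumptions constructed here; on a real host you would pass the web root, /var/tmp and the uid of the web server account.

```python
import os
import tempfile
# Marker string taken from the dropped page quoted in the thread.
MARKER = b"NeverEverNoSanity WebWorm"
WEB_EXTS = (".html", ".htm", ".php", ".shtml")  # assumed set of served files

def find_defaced(webroot):
    """Return sorted paths under webroot whose first 64 KiB contain MARKER."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            path = os.path.join(dirpath, name)
            if not name.lower().endswith(WEB_EXTS) or os.path.islink(path):
                continue
            try:
                with open(path, "rb") as fh:
                    if MARKER in fh.read(65536):
                        hits.append(path)
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
    return sorted(hits)

def find_hidden_owned_by(tmpdir, uid):
    """Return sorted hidden regular files directly in tmpdir owned by uid."""
    return sorted(e.path for e in os.scandir(tmpdir)
                  if e.name.startswith(".") and e.is_file(follow_symlinks=False)
                  and e.stat(follow_symlinks=False).st_uid == uid)

def demo():
    """Scan a constructed tree (sample data, not from a real incident)."""
    with tempfile.TemporaryDirectory() as root:
        web, tmp = os.path.join(root, "htdocs"), os.path.join(root, "tmp")
        os.makedirs(os.path.join(web, "vhost1"))
        os.makedirs(tmp)
        samples = {
            os.path.join(web, "index.html"): b"<h1>ok</h1>",
            os.path.join(web, "vhost1", "a.html"): b"<b>" + MARKER + b" generation 8.</b>",
            os.path.join(tmp, ".bash_httpd"): b"placeholder",
            os.path.join(tmp, "sess_1"): b"x",
        }
        for path, data in samples.items():
            with open(path, "wb") as fh:
                fh.write(data)
        # Assumption: the current uid stands in for the web server account.
        return ([os.path.relpath(p, root) for p in find_defaced(web)],
                [os.path.relpath(p, root) for p in find_hidden_owned_by(tmp, os.getuid())])

if __name__ == "__main__":
    print(demo())
```

Hits from either function are leads for triage rather than proof of compromise; a clean sweep likewise says nothing about whether the host is patched.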