SECUNIA ADVISORY ID: SA37412
VERIFY ADVISORY: http://secunia.com/advisories/37412/
DESCRIPTION: Multiple vulnerabilities have been reported in PHP, some of which have unknown impact and others that can be exploited by malicious users to bypass certain security restrictions.
1) Input validation errors exist in the processing of exif data. This is related to vulnerability #3 in: SA36791
2) An error in "tempnam()" can be exploited to bypass the "safe_mode" feature.
3) An error in "posix_mkfifo()" can be exploited to bypass the "open_basedir" feature.
SOLUTION: Update to version 5.3.1.
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
2, 3) Grzegorz Stachowiak
ORIGINAL ADVISORY: PHP: http://www.php.net/releases/5_3_1.php
Grzegorz Stachowiak:
http://securityreason.com/securityalert/6600
http://securityreason.com/securityalert/6601
OTHER REFERENCES: SA36791: http://secunia.com/advisories/36791/
|
This article comes from Ravens PHP Scripts
https://www.ravenphpscripts.com
The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3736
https://www.ravenphpscripts.com
The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3736