PHP Multiple Vulnerabilities

Posted on Friday, February 09, 2007 @ 07:38:18 CST in Security
by Raven

SECUNIA ADVISORY ID: SA24089

VERIFY ADVISORY: http://secunia.com/advisories/24089/

CRITICAL: Moderately critical

IMPACT: Unknown, Security Bypass, Exposure of sensitive information

WHERE: From remote

SOFTWARE:
PHP 4.?.? -
PHP 5.1.x - http://secunia.com/product/6796/
PHP 5.2.x - http://secunia.com/product/13446/

DESCRIPTION: Several vulnerabilities have been reported in PHP. Some have unknown impacts, while others can be exploited to disclose potentially sensitive information or bypass certain security restrictions. Other issues which may be security related have also been reported.

NOTE: Some issues can be triggered remotely under certain circumstances.

1) The "safe_mode" and "open_basedir" protection mechanisms can be bypassed via the session extension.

2) Unspecified overflows can be exploited to cause a stack corruption in the session extension.

3) Stack overflows exist in the "zip", "imap", and "sqlite" extensions.

4) A boundary error within the stream filters can be exploited to cause a buffer overflow.

5) An unspecified overflow exists in the "str_replace()" function.

6) An unspecified error in the wddx extension can be exploited to disclose potentially sensitive information.

7) A format string error exists in the *print() functions on 64-bit systems.

8) Boundary errors exist within the "mail()" function and the "ibase_add_user()", "ibase_delete_user()", and "ibase_modify_user()" functions, and can be exploited to cause buffer overflows.

9) A format string error exists in the odbc_result_all() function.

SOLUTION:
Update to version 4.4.5.
Update to version 5.2.1.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.php.net/releases/5_2_1.php
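
A version triage against the fixed releases named under SOLUTION, as an added example that is not part of the advisory. Host names and version strings are constructed samples, and the "verify-backport" status assumes that a distribution-suffixed package may carry patches its upstream version number does not reflect.

```python
import re

# Fixed releases taken from the advisory's SOLUTION section, keyed by major version.
FIXED = {4: (4, 4, 5), 5: (5, 2, 1)}

# Accepts a bare version ("5.2.0") or the first line of `php -v` ("PHP 5.2.0 (cli) ...").
_VERSION_RE = re.compile(r"^(?:PHP\s+)?(\d+)\.(\d+)\.(\d+)(\S*)")
# Pre-release tags sort before the final release of the same number.
_PRERELEASE_RE = re.compile(r"-?(rc|alpha|beta|dev)", re.IGNORECASE)


def classify(text):
    """Return 'ok', 'update', 'verify-backport' or 'unknown' for one version string."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return "unknown"
    base = tuple(int(part) for part in m.group(1, 2, 3))
    suffix = m.group(4)
    fixed = FIXED.get(base[0])
    if fixed is None:
        return "unknown"  # major version not covered by this advisory
    prerelease = bool(_PRERELEASE_RE.match(suffix))
    if base > fixed or (base == fixed and not prerelease):
        return "ok"
    if suffix and not prerelease:
        # Assumption: a vendor suffix may hide backported fixes; check the
        # distribution's own changelog instead of trusting the number.
        return "verify-backport"
    return "update"


def triage(inventory):
    """Map each host in {host: version_string} to its status."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (not from the advisory).
SAMPLE_INVENTORY = {
    "web01": "PHP 5.2.0 (cli) (built: Nov  2 2006 11:57:36)",
    "web02": "5.2.1",
    "web03": "5.2.1RC1",
    "web04": "5.2.0-8+etch1",
    "legacy": "4.4.4",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```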
 
 