php4: broken boundary check
Version: N/A; reported 2002-02-27
Justification: user security hole
Unfortunately there are several flaws in the php_mime_split function
that could be used by an attacker to execute arbitrary code.
Because I am part of the php developer team there is not much I can
27 February 2002 An updated version of php and the patch for these
vulnerabilities are now available at: http://www.php.net/downloads.php
If you are running PHP 4.0.3 or above one way to work around these
bugs is to disable the fileupload support within your php.ini
(file_uploads = Off). If you are running php as a module keep in mind
to restart the webserver. Anyway you should better install the
fixed or a properly patched version to be safe.
Debian stable php4 4.0.3pl1-0potato2:
- 2 broken boundary checks (one very easy and one hard to exploit)
Debian testing/unstable php4 4:4.1.1-1 php4 4:4.1.1-2.1
- broken boundary check (hard to exploit)
-- System Information
Debian Release: 3.0
Kernel: Linux debian 2.4.16-pre1 #2 Sun Nov 25 21:33:40 CET 2001 i686
Locale: LANG=de_DE.ISO-8859-1, LC_CTYPE=en_US