----------------------------------------------------------------------

TITLE:
PHP Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA21546

VERIFY ADVISORY:
http://secunia.com/advisories/21546/

CRITICAL:
Less critical

IMPACT:
Unknown, Security Bypass

WHERE:
Local system

SOFTWARE:
PHP 4.4.x
http://secunia.com/product/5768/
PHP 5.1.x
http://secunia.com/product/6796/

DESCRIPTION:
Some vulnerabilities have been reported in PHP, where some have unknown
impacts, and others can be exploited by malicious, local users to bypass
certain security restrictions.

1) Missing safe_mode and open_basedir verification exists in the
"file_exists()", "imap_open()", and "imap_reopen()" functions.

2) Some unspecified boundary errors exist in the "str_repeat()" and
"wordwrap()" functions on 64-bit systems.

3) The open_basedir and safe_mode protection mechanisms can be bypassed
via the cURL extension and the realpath cache.

4) An unspecified boundary error exists in the GD extension when
handling malformed GIF images.

5) A boundary error in the "stripos()" function can be exploited to
cause an out-of-bounds memory read.

6) Incorrect memory_limit restrictions exist on 64-bit systems.

Other issues which may be security related have also been reported.

SOLUTION:
Update to version 4.4.4 or 5.1.5.
http://www.php.net/downloads.php

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://www.php.net/release_4_4_4.php
http://www.php.net/release_5_1_5.php

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------
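Item 1 above says affected interpreters skip the open_basedir check inside file_exists(). The following is an added example, not code from the advisory or from PHP itself, showing how an application can enforce its own base-directory restriction before calling file_exists() rather than relying on the interpreter's check; the directory and path values are assumed, and the version test uses the fixed releases named under SOLUTION.

```php
<?php
// Resolve $path to a canonical absolute path. realpath() returns false for
// a file that does not exist yet, so resolve the parent directory instead
// and re-append the final component (refusing "." and ".." as that
// component, which would otherwise escape canonicalisation).
function canonical_path($path)
{
    $real = realpath($path);
    if ($real !== false) {
        return $real;
    }
    $name = basename($path);
    if ($name === '.' || $name === '..') {
        return false;
    }
    $parent = realpath(dirname($path));
    if ($parent === false) {
        return false;
    }
    return rtrim($parent, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR . $name;
}

// True only if $path, after resolving symlinks and "..", lies inside $base.
// The trailing separator stops "/var/www/uploads2" matching "/var/www/uploads".
function path_within_base($path, $base)
{
    $realBase = realpath($base);
    $realPath = canonical_path($path);
    if ($realBase === false || $realPath === false) {
        return false;
    }
    $prefix = rtrim($realBase, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strpos($realPath . DIRECTORY_SEPARATOR, $prefix) === 0;
}

// Application-level wrapper: do not even probe for existence outside $base.
function restricted_file_exists($path, $base)
{
    if (!path_within_base($path, $base)) {
        return false;
    }
    return file_exists($path);
}

// True when the running interpreter is at or past the fixed release for
// its branch (4.4.4 or 5.1.5) named in the advisory.
function php_has_fixed_release()
{
    $fixed = version_compare(PHP_VERSION, '5.0.0', '>=') ? '5.1.5' : '4.4.4';
    return version_compare(PHP_VERSION, $fixed, '>=');
}
```

A call such as restricted_file_exists('/var/www/uploads/../../../etc/passwd', '/var/www/uploads') returns false regardless of whether the interpreter's own open_basedir check fires.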