Upgrade your PHP modules ASAP...
Really big security hole announced yesterday (along with patches and a new PHP version). Everyone is strongly recommended to upgrade ASAP.
From the security announcement (http://security.e-matters.de/advisories/012002.html):
PHP supports multipart/form-data POST requests (as described in RFC1867) known as POST fileuploads. Unfourtunately there are several flaws in the php_mime_split function that could be used by an attacker to execute arbitrary code. During our research we found out that not only PHP4 but also older versions from the PHP3 tree are vulnerable.
The following is a list of bugs we found:
PHP 3.0.10-3.0.18
- broken boundary check (hard to exploit)
- arbitrary heap overflow (easy exploitable)
PHP 4.0.1-4.0.3pl1
- broken boundary check (hard to exploit)
- heap off by one (easy exploitable)
PHP 4.0.2-4.0.5
- 2 broken boundary checks (one very easy and one hard to exploit)
PHP 4.0.6-4.0.7RC2
- broken boundary check (very easy to exploit)
PHP 4.0.7RC3-4.1.1
- broken boundary check (hard to exploit)
Finally I want to mention that the boundary check vulnerabilities are only exploitable on linux or solaris. The heap off by one is only exploitable on linux(maybe solaris)x86 and the arbitrary heap overflow in PHP3 is exploitable on most OS and architectures. (This includes *BSD, Windows, Linux, Solaris)
You can upgrade to the latest, unaffected version (4.1.2) or there are patches available for 4.1.0/4.1.1, 4.0.6, and 3.0. They are available at http://www.php.net/downloads.php
From the security announcement (http://security.e-matters.de/advisories/012002.html):
PHP supports multipart/form-data POST requests (as described in RFC1867) known as POST fileuploads. Unfourtunately there are several flaws in the php_mime_split function that could be used by an attacker to execute arbitrary code. During our research we found out that not only PHP4 but also older versions from the PHP3 tree are vulnerable.
The following is a list of bugs we found:
PHP 3.0.10-3.0.18
- broken boundary check (hard to exploit)
- arbitrary heap overflow (easy exploitable)
PHP 4.0.1-4.0.3pl1
- broken boundary check (hard to exploit)
- heap off by one (easy exploitable)
PHP 4.0.2-4.0.5
- 2 broken boundary checks (one very easy and one hard to exploit)
PHP 4.0.6-4.0.7RC2
- broken boundary check (very easy to exploit)
PHP 4.0.7RC3-4.1.1
- broken boundary check (hard to exploit)
Finally I want to mention that the boundary check vulnerabilities are only exploitable on linux or solaris. The heap off by one is only exploitable on linux(maybe solaris)x86 and the arbitrary heap overflow in PHP3 is exploitable on most OS and architectures. (This includes *BSD, Windows, Linux, Solaris)
You can upgrade to the latest, unaffected version (4.1.2) or there are patches available for 4.1.0/4.1.1, 4.0.6, and 3.0. They are available at http://www.php.net/downloads.php
