PHP 5.2.6 plugs security holes

**Vin DSL** · 05-02-2008, 08:58 AM

SOURCE

2 May 2008, 11:40
PHP 5.2.6 plugs security holes

The developers of the PHP scripting language have issued Version 5.2.6, which fixes numerous bugs and plugs some security holes. The changes are comprehensive, including bug fixes to modules that link to third-party products. PHP 5.2.6 also rectifies several flaws that could have caused a crash.

The developers have eliminated errors in the FastCGI programming interface that could cause stack-based buffer overflows. An integer overflow in printf() has been fixed, and a previously unknown security leak, number CVE-2008-0599 in the Common Vulnerabilties and Exposures (CVE) database, is said to have been eliminated from PHP 5.2.6. A hole in cURL that attackers could have exploited in order to bypass safe_mode and a defective patch that was supposed to rectify an endless loop in zlib have also been corrected.

The accompanying version of the Perl-compatible regular expressions library (PCRE) has now been updated to Version 7.6, which in turn plugs some security holes in that library. A workaround has been included for an error in libcurl 7.16.2 that might have caused a crash.

The new version has not yet appeared on the download page of the PHP Project, but is already available as a direct download. The change log has not been updated past PHP 5.2.5 either, but the changes are shown in the NEWS file in the source code archive.

Administrators should update to the current version of PHP as soon as possible, because some of the errors it eliminates allow the injection of malicious code. Further tips on safeguarding a PHP-based web server are given in a background article at heise Security, Server peace - Individual security measures for PHP applications.

**Vin DSL** · 05-02-2008, 09:04 AM

SOURCE

Secunia Advisory: SA30048
Release Date: 2008-05-02

Critical:
Moderately critical
Impact: Unknown
Security Bypass
DoS
System access
Where: From remote
Solution Status: Vendor Patch

Software: PHP 5.2.x

CVE reference: CVE-2008-0599 (Secunia mirror)

Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS!

Description:
Some vulnerabilities have been reported in PHP, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions, and potentially by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

1) An unspecified error in the FastCGI SAPI can be exploited to cause a stack-based buffer overflow.

2) An unspecified error exists in processing incomplete multibyte characters within "escapeshellcmd()".

3) A security issue is caused due to an unspecified error. No further information is currently available.

4) An error in cURL can be exploited to bypass the "safe_mode" directive.

5) A boundary error in PCRE can potentially be exploited by malicious people to cause a DoS or compromise a vulnerable system.

For more information:
SA28923

The vulnerabilities are reported in versions prior to 5.2.6.

Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.

Solution:
Update to version 5.2.6.
http://www.php.net/downloads.php

Provided and/or discovered by:
1) The vendor credits Andrei Nigmatulin.
2) The vendor credits Stefan Esser.
3) The vendor credits Ryan Permeh.
4) The vendor credits Maksymilian Arciemowicz.

Original Advisory:
http://www.php.net/ChangeLog-5.php

Other References:
SA28923:
http://secunia.com/advisories/28923/