[php-maint] Bug#453295: three more CVEs
Steffen Joeris
steffen.joeris at skolelinux.de
Wed Nov 28 12:16:35 UTC 2007
Hi

There were three more CVEs[0][1][2] issued for php5.

CVE-2007-5900:
PHP before 5.2.5 allows local users to bypass protection mechanisms configured
through php_admin_value or php_admin_flag in httpd.conf by using ini_set to
modify arbitrary configuration variables, a different issue than
CVE-2006-4625.

CVE-2007-5898:
The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5
accept partial multibyte sequences, which has unknown impact and attack
vectors, a different issue than CVE-2006-5465.

CVE-2007-5899:
The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms
in which the ACTION attribute references a non-local URL, which allows remote
attackers to obtain potentially sensitive information by reading the requests
for this URL, as demonstrated by a rewritten form containing a local session
ID.

Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5900
[1]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5898
[2]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5899
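
An added illustration of the check that CVE-2007-5899 turns on, not code from this message or from PHP itself: a rewriter that injects a hidden variable only into forms whose ACTION stays on the current host. The helper names is_local_action() and add_rewrite_var(), the host names and the session value are assumptions constructed for the example, and it needs PHP 7 or later with the DOM extension.

```php
<?php
// Added example: not PHP's output_add_rewrite_var implementation or the 5.2.5 patch.
// is_local_action() and add_rewrite_var() are hypothetical helper names.

/** True when a form ACTION stays on $host (relative URL or same-host absolute URL). */
function is_local_action(string $action, string $host): bool
{
    $action = trim($action);
    if ($action === '') {
        return true;                        // empty action posts back to the current page
    }
    if (strncmp($action, '//', 2) === 0) {  // scheme-relative URL: still names a host
        $action = 'http:' . $action;
    }
    $parts = parse_url($action);
    if ($parts === false) {
        return false;                       // unparseable: treat as non-local
    }
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        return true;                        // plain relative path
    }
    return isset($parts['host']) && strcasecmp($parts['host'], $host) === 0;
}

/** Append a hidden input to every local form; leave non-local forms untouched. */
function add_rewrite_var(string $html, string $name, string $value, string $host): string
{
    libxml_use_internal_errors(true);       // tolerate imperfect HTML without warnings
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    foreach ($doc->getElementsByTagName('form') as $form) {
        if (!is_local_action($form->getAttribute('action'), $host)) {
            continue;                       // never hand the variable to another site
        }
        $input = $doc->createElement('input');
        $input->setAttribute('type', 'hidden');
        $input->setAttribute('name', $name);
        $input->setAttribute('value', $value);
        $form->appendChild($input);
    }
    return $doc->saveHTML();
}

// Constructed sample page: one local form, one form posting to another host.
$page = '<form action="/login.php"></form>'
      . '<form action="http://other.example/collect"></form>';
echo add_rewrite_var($page, 'PHPSESSID', 'constructed-session-id', 'www.example.org');
```
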