rhsa-2004_395
Vulnerability from csaf_redhat
Published
2004-07-19 15:24
Modified
2024-11-14 10:03
Summary
Red Hat Security Advisory: php security update

Notes

Topic
Updated php packages that fix various security issues are now available.
Details
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP server. Stefan Esser discovered a flaw when memory_limit configuration setting is enabled in versions of PHP 4 before 4.3.8. If a remote attacker could force the PHP interpreter to allocate more memory than the memory_limit setting before script execution begins, then the attacker may be able to supply the contents of a PHP hash table remotely. This hash table could then be used to execute arbitrary code as the 'apache' user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0594 to this issue. This issue may be exploitable if using the default PHP configuration with the "register_globals" setting of "On". The Apache memory exhaustion bug, fixed in a previous update to Red Hat Enterprise Linux 3, may also allow this PHP issue to be exploited; this Apache bug does not affect Red Hat Enterprise Linux 2.1. Stefan Esser discovered a flaw in the strip_tags function in versions of PHP before 4.3.8. The strip_tags function is commonly used by PHP scripts to prevent Cross-Site-Scripting attacks by removing HTML tags from user-supplied form data. By embedding NUL bytes into form data, HTML tags can in some cases be passed intact through the strip_tags function, which may allow a Cross-Site-Scripting attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0595 to this issue. All users of PHP are advised to upgrade to these updated packages, which contain backported patches that address these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.


To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated php packages that fix various security issues are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP server.\n\nStefan Esser discovered a flaw when memory_limit configuration setting  is\nenabled in versions of PHP 4 before 4.3.8.  If a remote attacker could\nforce the PHP interpreter to allocate more memory than the memory_limit\nsetting before script execution begins, then the attacker may be\nable to supply the contents of a PHP hash table remotely.  This hash table\ncould then be used to execute arbitrary code as the \u0027apache\u0027 user.  The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe name CAN-2004-0594 to this issue.\n\nThis issue may be exploitable if using the default PHP configuration with\nthe \"register_globals\" setting of \"On\".  The Apache memory exhaustion bug,\nfixed in a previous update to Red Hat Enterprise Linux 3, may also allow\nthis PHP issue to be exploited; this Apache bug does not affect Red Hat\nEnterprise Linux 2.1.\n\nStefan Esser discovered a flaw in the strip_tags function in versions of\nPHP before 4.3.8. The strip_tags function is commonly used by PHP scripts\nto prevent Cross-Site-Scripting attacks by removing HTML tags from\nuser-supplied form data. By embedding NUL bytes into form data, HTML tags\ncan in some cases be passed intact through the strip_tags function, which\nmay allow a Cross-Site-Scripting attack. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0595 to\nthis issue.\n\nAll users of PHP are advised to upgrade to these updated packages, which\ncontain backported patches that address these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2004:395",
        "url": "https://access.redhat.com/errata/RHSA-2004:395"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "127642",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=127642"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2004/rhsa-2004_395.json"
      }
    ],
    "title": "Red Hat Security Advisory: php security update",
    "tracking": {
      "current_release_date": "2024-11-14T10:03:24+00:00",
      "generator": {
        "date": "2024-11-14T10:03:24+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2004:395",
      "initial_release_date": "2004-07-19T15:24:00+00:00",
      "revision_history": [
        {
          "date": "2004-07-19T15:24:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2004-07-19T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:03:24+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2004-0594",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617233"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0594"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617233",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617233"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0594",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0594"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0594",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0594"
        }
      ],
      "release_date": "2004-07-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-07-19T15:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:395"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-0595",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617234"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0595"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617234",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617234"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0595",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0595"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0595",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0595"
        }
      ],
      "release_date": "2004-07-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-07-19T15:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:395"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.