php5: multiple vulnerabilities
| Package(s): | php5 | CVE #(s): | CVE-2008-5557 CVE-2008-5624 CVE-2008-5658 CVE-2007-5625 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | February 13, 2009 | Updated: | February 23, 2010 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | From the Ubuntu advisory:
It was discovered that PHP did not properly handle Unicode conversion in the mbstring extension. If a PHP application were tricked into processing a specially crafted string containing an HTML entity, an attacker could execute arbitrary code with application privileges. (CVE-2008-5557) It was discovered that PHP did not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function. An attacker could exploit this issue to bypass safe_mode restrictions. (CVE-2008-5624) It was discovered that PHP did not properly enforce error_log safe_mode restrictions when set by php_admin_flag in the Apache configuration file. A local attacker could create a specially crafted PHP script that would overwrite arbitrary files. (CVE-2007-5625) It was discovered that PHP contained a flaw in the ZipArchive::extractTo function. If a PHP application were tricked into processing a specially crafted zip file that had filenames containing "..", an attacker could write arbitrary files within the filesystem. This issue only applied to Ubuntu 7.10, 8.04 LTS, and 8.10. (CVE-2008-5658) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||