
CERT-In Advisory CIAD-2008-24
Multiple Vulnerabilities in PHP

Original issue May 13, 2008

Severity Rating: High

Systems Affected

•  PHP versions prior to 5.2.6

Overview

Multiple vulnerabilities have been reported in PHP. Some of these vulnerabilities have unknown impacts, while others can be exploited by malicious people to compromise the affected system.

Description

1. PHP path code execution vulnerability
   (CVE-2008-0599, CWE-189)

A vulnerability has been reported in cgi_main.c in PHP due to an error in calculating the length of PATH_TRANSLATED while processing filenames. This vulnerability can be exploited by remote attackers to execute arbitrary code on the affected system.

2. PHP “fastcgi.c” stack-based buffer overflow vulnerability
   (CVE-2008-2050, CWE-119)

A vulnerability has been reported in PHP due to an unspecified error in the FastCGI SAPI “fastcgi.c”. This vulnerability can be exploited by a remote attacker to cause a stack-based buffer overflow.

3. PHP escapeshellcmd API function Vulnerability
   (CVE-2008-2051)

A vulnerability has been reported in the escapeshellcmd API function in PHP. The function escapeshellcmd() escapes any characters in a string that might be used to trick a shell command into executing arbitrary commands. This function should be used to make sure that any data coming from user input is escaped before this data is passed to the exec() or system() functions, or to the backtick operator. This vulnerability can be exploited by an attacker who passes incomplete multibyte characters to escapeshellcmd().

4. PHP GENERATE_SEED() weak security Vulnerability
   (CVE-2008-2107, CWE-189)

A vulnerability has been reported in PHP because the multiplication performed by the GENERATE_SEED macro produces portions of zero bits when running on 32-bit systems. This can be exploited by a remote attacker to generate predictable random numbers and gain unauthorized access to applications by predicting subsequent values of the rand and mt_rand functions.

5. PHP GENERATE_SEED() Brute Force Attack Vulnerability
   (CVE-2008-2108, CWE-189)

A vulnerability has been reported in PHP due to insufficient precision while performing a multiplication, which generates a portion of zero bits during conversion when running on 64-bit systems. This vulnerability can be exploited by a remote attacker to mount brute-force attacks against protection mechanisms via the rand and mt_rand functions.
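
For item 3 above, one defensive pattern, shown as an added example that is not part of the advisory or of PHP's own code: reject incomplete multibyte input before it reaches shell escaping, then quote the single argument. The function names, the upload path and the UTF-8 application and locale are assumptions made for illustration.

```php
<?php
// Added example, not from the advisory. Function names are hypothetical.
// Assumes the mbstring extension and a UTF-8 application and shell locale.

/** Reject empty input, malformed or truncated UTF-8, and control bytes. */
function require_wellformed_utf8(string $input): string
{
    if ($input === '' || !mb_check_encoding($input, 'UTF-8')) {
        throw new InvalidArgumentException('empty or not well-formed UTF-8');
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $input) === 1) {
        throw new InvalidArgumentException('control characters not allowed');
    }
    return $input;
}

/** Build the command line for a hypothetical per-file line count. */
function build_wc_command(string $userFilename): string
{
    $name = require_wellformed_utf8($userFilename);
    // Allowlist: letters, digits, dot, underscore, hyphen; the first character
    // may not be a dot or hyphen. The /u modifier makes PCRE check UTF-8 too.
    if (preg_match('/\A[\p{L}\p{N}_][\p{L}\p{N}._-]{0,63}\z/u', $name) !== 1) {
        throw new InvalidArgumentException('filename outside the allowlist');
    }
    // escapeshellarg() quotes one argument; "--" ends option parsing.
    // /var/app/uploads/ is a placeholder directory.
    return 'wc -l -- ' . escapeshellarg('/var/app/uploads/' . $name);
}

// Constructed sample inputs: one valid name, and one ending in a truncated
// two-byte UTF-8 sequence (0xC3 with no continuation byte).
$samples = ["caf\xC3\xA9.txt", "caf\xC3"];
foreach ($samples as $sample) {
    try {
        echo build_wc_command($sample), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected ', bin2hex($sample), ': ', $e->getMessage(), PHP_EOL;
    }
}
```

Validation of this kind complements the upgrade to PHP 5.2.6 and does not replace it.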


Solution

Upgrade to the latest version of PHP 5.2.6
http://www.php.net/downloads.php

Vendor Information

PHP
http://www.php.net/ChangeLog-5.php

References

Secunia
http://secunia.com/advisories/30048/

X-Force
http://xforce.iss.net/xforce/xfdb/42226
http://xforce.iss.net/xforce/xfdb/42137

SecurityFocus
http://www.securityfocus.com/archive/1/archive/1/491683/100/0/threaded

FrSIRT
http://www.frsirt.com/english/advisories/2008/1412

AusCERT
http://www.auscert.org.au/render.html?it=9255

CVE-Name
CVE-2008-0599
CVE-2008-2051
CVE-2008-2050
CVE-2008-2107
CVE-2008-2108

CWE-Name
CWE-189
CWE-119

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003