FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php -- multiple vulnerabilities

Affected packages
php5 < 5.2.7

Details

VuXML ID 27d01223-c457-11dd-a721-0030843d3802
Discovery 2008-12-04
Entry 2008-12-07

Secunia reports:

Some vulnerabilities have been reported in PHP, where some have an unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

An input validation error exists within the "ZipArchive::extractTo()" function when extracting ZIP archives. This can be exploited to extract files to arbitrary locations outside the specified directory via directory traversal sequences in a specially crafted ZIP archive.

An error in the included PCRE library can be exploited to cause a buffer overflow.

The problem is that the "BG(page_uid)" and "BG(page_gid)" variables are not initialized. No further information is currently available.

The problem is that the "php_value" order is incorrect for Apache configurations. No further information is currently available.

An error in the GD library can be exploited to cause a crash via a specially crafted font file.

References

CVE Name CVE-2008-2371
CVE Name CVE-2008-2829
CVE Name CVE-2008-3658
CVE Name CVE-2008-3659
CVE Name CVE-2008-3660
URL http://secunia.com/advisories/30916/
URL http://secunia.com/advisories/31409/
URL http://secunia.com/advisories/32964/
URL http://www.php.net/ChangeLog-5.php#5.2.7
URL http://www.sektioneins.de/advisories/SE-2008-06.txt