[php-maint] Bug#354690: PHP4 in Sarge appears vulnerable to
CVE-2005-3389
Nick Jenkins
nickpj at gmail.com
Tue Feb 28 06:39:36 UTC 2006
Package: php4
Version: 4:4.3.10-16
Severity: normal
Tags: security
Ref:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3389
Description:
A problem when a request was terminated due to memory_limit constraints during
certain parse_str() calls.
The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called
with only one parameter, allows remote attackers to enable the register_globals
directive via inputs that cause a request to be terminated due to the
memory_limit
setting, which causes PHP to set an internal flag that enables
register_globals
and allows attackers to exploit vulnerabilities in PHP applications that would
otherwise be protected.
Vulnerable PHP versions:
PHP4 up to 4.4.0 (according to CVE)
More information about the pkg-php-maint
mailing list