Vulnerabilidade no PHP

  • Identifique-se para criar novos tópicos neste fórum
  • Visitantes anônimos não podem postar neste fórum
fdsfasfasfasfsfsfsfsfsfsfsfsf  Ocasional   Postagens: 28

pessoal,
Alguém que entenda do assunto pode dar uma ajuda?

notícia aqui

Abraços a todos,

Jhonjhon.
XOOPS

Gislaine  Ocasional   Postagens: 36

Grande JJ, já reportei no Dev.Xoops.org Aqui

Pelo que pudemos perceber, register globals tem que estar off e safe_mode idem.

O Extract já era conhecido como complicado e estamos retirando das aplicações mesmo.

Agora, precisa ver com o seu hospedeiro para atualizar o PHP isto é com certeza a primeira providencia.

Um kara com um portal hospedado no mesmo servidor podera comprometer outros portais, coisas que já vimos por aqui tambem. XOOPS

VAlew pelo toque e quem souber mais detalhes sobre falha de seguranca avise ai, logo mais um grupo especial somente para tratar este tema.

Gislaine  Ocasional   Postagens: 36

Ja recebi resposta do LazyBadger e a resposta é mais ou menos isto.


Pode afetar XOOPS (indiretamente), atualização do XOOPS é importantissima e isto já foi feito no xoops.org.

Bom saber, as providencias estão mais rapidas, agora falta ver os nossos portais e o que esta rodando em nossos servidores.
Estou falando com todos viu ? XOOPS

Gislaine  Ocasional   Postagens: 36

Ja estava sendo discutido sobre este problema neste tópico

Providencias já foram tomadas mesmo

Gislaine  Ocasional   Postagens: 36

Solução alen de atualizar o PHP 4.4.1

Dicas do Hervé (XOOPS Franca)

herve wrote:
In php.ini replace :
expose_php=On

With :
expose_php=Off

For Apache, in httpd.conf, replace :
ServerTokens Full

With :
ServerTokens Prod

See this :
http://httpd.apache.org/docs/1.3/mod/core.html#servertokens

Gislaine  Ocasional   Postagens: 36

Igualmente importante a leitura: ServerTokens directive

JulioNC  Iniciante De: Períº  Postagens: 6

Gisa_Iagami escreveu:
Já estáva sendo discutido sobre este problema neste tópico

Providencias já foram tomadas mesmo. XOOPS

Não há acesso

Gislaine  Ocasional   Postagens: 36

Desculpe-me Julio, o conteudo seria este:
============================================================

Secunia Advisory: SA17371 Print Advisory.
Release Date: 2005-10-31
Last Update: 2005-11-02

Critical:
Moderately critical.
Impact: Security Bypass.
Cross portal Scripting.
DoS
System access.
Where: From remote.
Solution Status: Vendor Patch.

Software: PHP 4.0.x.
PHP 4.1.x.
PHP 4.2.x.
PHP 4.3.x.
PHP 4.4.x.
PHP 5.0.x.

Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it.

CVE reference: CAN-2005-2491

Description:
Some vulnerabilities have been reported in PHP, which can be exploited by malicious people estou conduct cross-site scripting attacks, bypass certain security restrictions, and potentially compromise a vulnerable system.

1) An error where the "GLOBALS" array is not properly protected, can be exploited estou define global variables by sending a "multipart/form-data" POST request with a specially crafted file upload field, or via a script calling the PHP function "extract()" or "import_request_variables()".

Successful exploitation may open up for vulnerabilities in various applications, but requires that "register_globals" is enabled.

The vulnerability has been reported in versions 4.4.0 and 5.0.5, and prior.

2) An error in the handling of an unexpected termination in the "parse_str()" PHP function, can be exploited estou enable the "register_globals" directive for the current execution by e.g. triggering a memory_limit request shutdown in a script calling "parse_str()".

The vulnerability has been reported in versions 4.4.0 and 5.0.5, and prior.

3) Some unspecified input passed estou the "phpinfo()" PHP function isn't properly sanitised before being returned estou the user. This can be exploited via a script calling "phpinfo()" estou execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability has been reported in versions 4.4.0 and 5.0.5, and prior.

4) An integer overflow error in pcrelib may be exploited estou cause a memory corruption via a script calling a PHP function using the PCRE library where the regular expression can be controlled by the attacker.

For more information:
SA16502

Successful exploitation may allow execution of arbitrary code.

5) The problem is that it is possible estou bypass the "safe_mode" and "open_basedir" protection mechanisms via the "ext/curl" and "ext/gd" modules.

6) An unspecified error in calling "virtual()" on Apache 2 can be exploited estou bypass certain configuration directives (e.g. "safe_mode" and "open_basedir").

Other problemas have also been reported where some may be security related.

Solution:
Update estou version 4.4.1.
http://php.net/downloads.php

The vulnerabilities affecting PHP 5 have been fixed in the CVS repository.

Provided and/or discovered by:
1-3) Stefan Esser, Hardened-PHP Project.

Reported by vendor.

Changelog:
2005-11-02: Updated "Solution" section.

Original Advisory:
Hardened-PHP Project:
http://hardened-php.net/advisory_202005.79.html
http://hardened-php.net/advisory_192005.78.html
http://hardened-php.net/advisory_182005.77.html
http://hardened-php.net/index.76.html

The PHP Group:
http://php.net/release_4_4_1.php

Other References:
SA16502:
http://secunia.com/advisories/16502/

Please note: The information, which this Secunia Advisory is based upon, comes from third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Send Feedback estou Secunia:

If you have new information regarding this Secunia advisory or a product in our database, please send it estou us using either our Web form or email us at vuln@secunia.com

Ideas, suggestions, and other feedback is most welcome.

Found: 16 Related Secunia Security Advisories, displaying 10

- PHP Trailing Slash "open_basedir" Security Bypass.
- PHP Multiple Vulnerabilities.
- PHP "readfile()" Denial of Service.
- PHP Multiple Vulnerabilities.
- PHP CURL "open_basedir" Security Bypass Vulnerability.
- PHP Memory Leak and Arbitrary File Location Upload Vulnerabilities.
- PHP "strip_tags()" Function and memory_limit Vulnerabilities.
- PHP "escapeshellcmd()" and "escapeshellarg()" Security Bypass Vulnerability.
- PHP Configuration Leakage Vulnerability.
- PHP / mod_php File Descriptor Leakage Vulnerability.

Show all related advisories.

  Pesquisa avançada






Entrada

Codinome:


Senha:





Perdeu a senha?  |Cadastre-se!


Quem nos visita
Há 43 visitantes neste momento... (18 na seção Fóruns)

Associados: 0
Anônimos: 43

outros...

Banner XOOPS Cube