Hello!

We have a server with Debian Woody. I have run the Retina vulnerability scanner in our LAN and it has detected several vulnerabilities. The PHP version we have is 4.1.2-7.0.1.

I know this question has two facets: one for people who use the Retina software, and the other for people who use Debian.

1) I would like to know whether the scanner gives a positive when it sees the version, or whether the program makes a real test to see if the vulnerability exists. Do I have to upgrade PHP from sources? Has anyone had a similar doubt?

Vulnerability explanation (among them):

The PHP Group has released a new PHP version, 4.2.2.

PHP contains code for intelligently parsing the headers of HTTP POST requests. The code is used to differentiate between variables and files sent by the user agent in a "multipart/form-data" request. This parser has insufficient input checking, leading to the vulnerability. The vulnerability is exploitable by anyone who can send HTTP POST requests to an affected web server. Both local and remote users, even from behind firewalls, may be able to gain privileged access.

2) Another vulnerability has to do with Apache (1.3.26-0woo):

Apache httpd scoreboard modification vulnerability

Versions of Apache 1.3.x prior to 1.3.27 allow a user running as the Apache UID (for instance, through web server exploitation, or the invocation or exploitation of a PHP or Perl script) to modify the httpd daemon's scoreboard in shared memory. An attacker can exploit this vulnerability to cause SIGUSR1 signals to be sent to arbitrary processes as root, possibly leading to a denial of service condition or other improper behavior.

Thanks in advance

Evelio Martínez
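Added example, not part of the post above and not code from Retina or Debian: a Python re-implementation of dpkg's version ordering (epoch:upstream-revision, current dpkg rules) used to show the difference between a banner-only check, which compares just the upstream part (4.1.2) with the upstream release that fixed the bug (4.2.2) and so flags the package regardless of its Debian revision, and a package-version check against the fixed package version named in a Debian security advisory, which is where a backported fix would show up. The fixed package version used here is a constructed placeholder, since the post does not give one.

```python
import re
from itertools import zip_longest

def _order(c):
    # dpkg weights: '~' sorts before everything (even end of string), then letters, then other chars
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_nondigit(a, b):
    # compare two non-digit runs character by character; a missing character weighs 0
    for x, y in zip_longest(a, b):
        d = (_order(x) if x else 0) - (_order(y) if y else 0)
        if d:
            return d
    return 0

def _cmp_fragment(a, b):
    # walk both strings as alternating (non-digit run, digit run) pairs, like dpkg's verrevcmp
    pairs = zip_longest(re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b), fillvalue=("", ""))
    for (sa, na), (sb, nb) in pairs:
        d = _cmp_nondigit(sa, sb) or (int(na or 0) - int(nb or 0))
        if d:
            return d
    return 0

def _split(version):
    # "[epoch:]upstream[-revision]": epoch before the first ':', revision after the last '-'
    epoch, _, rest = version.partition(":") if ":" in version else ("0", "", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare_debian_versions(v1, v2):
    """Return -1, 0 or 1 (older, equal, newer), as `dpkg --compare-versions` orders them."""
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    d = (e1 - e2) or _cmp_fragment(u1, u2) or _cmp_fragment(r1, r2)
    return (d > 0) - (d < 0)

def banner_only_flags(installed, fixed_upstream):
    """What a version-banner check does: compare only the upstream part with the fixed upstream release."""
    return compare_debian_versions(_split(installed)[1], fixed_upstream) < 0

# Constructed placeholder; the real value is the fixed package version named in the Debian advisory.
ASSUMED_FIXED_PACKAGE = "4.1.2-6"

def package_fixed(installed, fixed_package=ASSUMED_FIXED_PACKAGE):
    """The check that matters on Debian: is the installed package at or above the advisory's fixed version?"""
    return compare_debian_versions(installed, fixed_package) >= 0
```

With the post's package, `banner_only_flags("4.1.2-7.0.1", "4.2.2")` is true while `package_fixed` depends entirely on the revision the advisory names, which is why the two kinds of check disagree.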