Package: php4 Version: N/A; reported 2002-02-27 Severity: grave Tags: security Justification: user security hole
http://security.e-matters.de/advisories/012002.html "... Unfourtunately there are several flaws in the php_mime_split function that could be used by an attacker to execute arbitrary code. ... Vendor Response Because I am part of the php developer team there is not much I can write here... 27 February 2002 An updated version of php and the patch for these vulnerabilites are now available at: http://www.php.net/downloads.php Recommendation If you are running PHP 4.0.3 or above one way to workaround these bugs is to disable the fileupload support within your php.ini (file_uploads = Off) If you are running php as module keep in mind to restart the webserver. Anyway you should better install the fixed or a properly patched version to be safe. ..." Debian stable php4 4.0.3pl1-0potato2: "PHP 4.0.2-4.0.5 - 2 broken boundary checks (one very easy and one hard to exploit)" Debian testing/unstable php4 4:4.1.1-1 php4 4:4.1.1-2.1 "PHP 4.0.7RC3-4.1.1 - broken boundary check (hard to exploit)" -- System Information Debian Release: 3.0 Architecture: i386 Kernel: Linux debian 2.4.16-pre1 #2 Sun Nov 25 21:33:40 CET 2001 i686 Locale: LANG=de_DE.ISO-8859-1, LC_CTYPE=en_US
