Family: Debian Local Security Checks --> Category: infos
[DSA115] DSA-115-1 php Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Stefan Esser, who is also a member of the PHP team, found several
in the way PHP handles multipart/form-data POST requests (as
described in RFC1867) known as POST fileuploads. Each of the flaws
could allow a possible hacker to execute arbitrary code on the victim's
For PHP3 flaws contain a broken boundary check and an arbitrary heap
overflow. For PHP4 they consist of a broken boundary check and a heap
off by one error.
For the stable release of Debian these problems are fixed in version
3.0.18-0potato1.1 of PHP3 and version 4.0.3pl1-0potato3 of PHP4.
For the unstable and testing release of Debian these problems are
fixed in version 3.0.18-22 of PHP3 and version 4.1.2-1 of PHP4.
There is no PHP4 in the stable and unstable distribution for the arm
architecture due to a compiler error.
We recommend that you upgrade your PHP packages immediately.
Solution : http://www.debian.org/security/2002/dsa-115
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.