Debian Security Advisory
php4 -- possible remote exploit
- Date reported:
- 14 Oct 2000
- Affected packages:
- php4
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2000-0967.
- More information:
In versions of the PHP 4 packages before version 4.0.3, some format strings
contained bugs that could allow suitably crafted requests to execute code
as the user under which PHP scripts run on the server.
This problem is fixed in versions 4.0.3-0potato1 for Debian 2.2 (potato) and 4.0.3-1 for Debian unstable (woody). This is a bug-fix release and we recommend that all php4 users upgrade; potato users should note that this is an upgrade from 4.0b3, but no incompatibilities are expected.
Note: Debian 2.1 (slink) does not contain any php4 package and is therefore not affected.
- Fixed in:
- Source:
- http://security.debian.org/dists/potato/updates/main/source/php4_4.0.3-0potato1.diff.gz
- http://security.debian.org/dists/potato/updates/main/source/php4_4.0.3-0potato1.dsc
- http://security.debian.org/dists/potato/updates/main/source/php4_4.0.3.orig.tar.gz
- Architecture-independent component:
- http://security.debian.org/dists/potato/updates/main/binary-all/php4-dev_4.0.3-0potato1_all.deb
- Alpha:
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-gd_4.0.3-0potato1_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-imap_4.0.3-0potato1_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-ldap_4.0.3-0potato1_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-mhash_4.0.3-0potato1_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-mysql_4.0.3-0potato1_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-pgsql_4.0.3-0potato1_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-snmp_4.0.3-0potato1_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-xml_4.0.3-0potato1_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi_4.0.3-0potato1_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-gd_4.0.3-0potato1_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-imap_4.0.3-0potato1_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-ldap_4.0.3-0potato1_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-mhash_4.0.3-0potato1_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-mysql_4.0.3-0potato1_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-pgsql_4.0.3-0potato1_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-snmp_4.0.3-0potato1_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-xml_4.0.3-0potato1_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php4_4.0.3-0potato1_alpha.deb
- Intel IA32:
- http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-gd_4.0.3-0potato1_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-imap_4.0.3-0potato1_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-ldap_4.0.3-0potato1_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-mhash_4.0.3-0potato1_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-mysql_4.0.3-0potato1_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-pgsql_4.0.3-0potato1_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-snmp_4.0.3-0potato1_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-xml_4.0.3-0potato1_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi_4.0.3-0potato1_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php4-gd_4.0.3-0potato1_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php4-imap_4.0.3-0potato1_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php4-ldap_4.0.3-0potato1_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php4-mhash_4.0.3-0potato1_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php4-mysql_4.0.3-0potato1_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php4-pgsql_4.0.3-0potato1_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php4-snmp_4.0.3-0potato1_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php4-xml_4.0.3-0potato1_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php4_4.0.3-0potato1_i386.deb
- Motorola 680x0:
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-gd_4.0.3-0potato1_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-imap_4.0.3-0potato1_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-ldap_4.0.3-0potato1_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-mhash_4.0.3-0potato1_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-mysql_4.0.3-0potato1_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-pgsql_4.0.3-0potato1_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-snmp_4.0.3-0potato1_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-xml_4.0.3-0potato1_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi_4.0.3-0potato1_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-gd_4.0.3-0potato1_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-imap_4.0.3-0potato1_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-ldap_4.0.3-0potato1_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-mhash_4.0.3-0potato1_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-mysql_4.0.3-0potato1_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-pgsql_4.0.3-0potato1_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-snmp_4.0.3-0potato1_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-xml_4.0.3-0potato1_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php4_4.0.3-0potato1_m68k.deb
- PowerPC:
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-gd_4.0.3-0potato1_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-imap_4.0.3-0potato1_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-ldap_4.0.3-0potato1_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-mhash_4.0.3-0potato1_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-mysql_4.0.3-0potato1_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-pgsql_4.0.3-0potato1_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-snmp_4.0.3-0potato1_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-xml_4.0.3-0potato1_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi_4.0.3-0potato1_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-gd_4.0.3-0potato1_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-imap_4.0.3-0potato1_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-ldap_4.0.3-0potato1_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-mhash_4.0.3-0potato1_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-mysql_4.0.3-0potato1_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-pgsql_4.0.3-0potato1_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-snmp_4.0.3-0potato1_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-xml_4.0.3-0potato1_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4_4.0.3-0potato1_powerpc.deb
- Sun SPARC:
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-gd_4.0.3-0potato1_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-imap_4.0.3-0potato1_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-ldap_4.0.3-0potato1_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-mhash_4.0.3-0potato1_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-mysql_4.0.3-0potato1_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-pgsql_4.0.3-0potato1_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-snmp_4.0.3-0potato1_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-xml_4.0.3-0potato1_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi_4.0.3-0potato1_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-gd_4.0.3-0potato1_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-imap_4.0.3-0potato1_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-ldap_4.0.3-0potato1_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-mhash_4.0.3-0potato1_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-mysql_4.0.3-0potato1_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-pgsql_4.0.3-0potato1_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-snmp_4.0.3-0potato1_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-xml_4.0.3-0potato1_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php4_4.0.3-0potato1_sparc.deb
