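Debian Security Advisory

php4 -- possible remote exploit

Date Reported:
2000-10-14
Affected Packages:
php4
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2000-0967.
More information:
In versions of the PHP 4 packages before version 4.0.3, several format string bugs could allow carefully crafted requests to execute code as the user running PHP scripts on the web server.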

This problem is fixed in version 4.0.3-0potato1 for Debian 2.2 (potato) and version 4.0.3-1 for Debian unstable (woody). This is a bug-fix release, and we recommend that all users of php4 upgrade. Users of potato should note that this version is an upgrade from version 4.0b3, but that it does not break compatibility.

Note: Debian 2.1 (slink) does not contain any php4 packages and is therefore not affected by this problem.

Fixed in:
Source:
http://security.debian.org/dists/potato/updates/main/source/php4_4.0.3-0potato1.diff.gz
http://security.debian.org/dists/potato/updates/main/source/php4_4.0.3-0potato1.dsc
http://security.debian.org/dists/potato/updates/main/source/php4_4.0.3.orig.tar.gz
Architecture-independent component:
http://security.debian.org/dists/potato/updates/main/binary-all/php4-dev_4.0.3-0potato1_all.deb
Alpha:
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-gd_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-imap_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-ldap_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-mhash_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-mysql_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-pgsql_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-snmp_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-xml_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-gd_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-imap_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-ldap_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-mhash_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-mysql_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-pgsql_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-snmp_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-xml_4.0.3-0potato1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php4_4.0.3-0potato1_alpha.deb
Intel IA32:
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-gd_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-imap_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-ldap_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-mhash_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-mysql_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-pgsql_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-snmp_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-xml_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-gd_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-imap_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-ldap_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-mhash_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-mysql_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-pgsql_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-snmp_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4-xml_4.0.3-0potato1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php4_4.0.3-0potato1_i386.deb
Motorola 680x0:
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-gd_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-imap_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-ldap_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-mhash_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-mysql_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-pgsql_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-snmp_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-xml_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-gd_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-imap_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-ldap_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-mhash_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-mysql_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-pgsql_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-snmp_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-xml_4.0.3-0potato1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php4_4.0.3-0potato1_m68k.deb
PowerPC:
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-gd_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-imap_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-ldap_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-mhash_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-mysql_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-pgsql_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-snmp_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-xml_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-gd_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-imap_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-ldap_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-mhash_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-mysql_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-pgsql_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-snmp_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-xml_4.0.3-0potato1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4_4.0.3-0potato1_powerpc.deb
Sun SPARC:
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-gd_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-imap_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-ldap_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-mhash_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-mysql_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-pgsql_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-snmp_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-xml_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-gd_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-imap_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-ldap_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-mhash_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-mysql_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-pgsql_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-snmp_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-xml_4.0.3-0potato1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php4_4.0.3-0potato1_sparc.deb