Debian Security Advisory
php3 -- possible remote exploit
- Date Reported:
- 14 Oct 2000
- Affected Packages:
- php3
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2000-0967.
- More information:
-
In versions of the PHP 3 packages before version 3.0.17, several format
string bugs could allow properly crafted requests to execute code as the
user running PHP scripts on the web server, particularly if error logging
was enabled.
This problem is fixed in versions 3.0.17-0potato2 and 3.0.17-0potato3 for Debian 2.2 (potato) and in version 3.0.17-1 for Debian Unstable (woody). This is a bug fix release and we recommend all users of php3 upgrade to it.
Debian GNU/Linux 2.1 (slink) contains php3 version 3.0.5, which is believed to be affected by this problem. No security updates for slink are available at this time; Slink users who have php3 installed are highly recommended to either upgrade to potato or recompile the potato php3 packages from source (see the URLs below).
- Fixed in:
-
Debian GNU/Linux 2.2 (potato)
- Source:
- http://security.debian.org/dists/potato/updates/main/source/php3_3.0.17-0potato3.diff.gz
- http://security.debian.org/dists/potato/updates/main/source/php3_3.0.17-0potato3.dsc
- http://security.debian.org/dists/potato/updates/main/source/php3_3.0.17.orig.tar.gz
- http://security.debian.org/dists/potato/updates/main/source/php3_3.0.17-0potato3.dsc
- Architecture-independent component:
- http://security.debian.org/dists/potato/updates/main/binary-all/php3-doc_3.0.17-0potato3_all.deb
- Alpha:
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-gd_3.0.17-0potato3_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-imap_3.0.17-0potato3_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-ldap_3.0.17-0potato3_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-magick_3.0.17-0potato3_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-mhash_3.0.17-0potato3_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-mysql_3.0.17-0potato3_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-pgsql_3.0.17-0potato3_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-snmp_3.0.17-0potato3_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-xml_3.0.17-0potato3_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi_3.0.17-0potato3_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-dev_3.0.17-0potato3_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-gd_3.0.17-0potato3_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-imap_3.0.17-0potato3_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-ldap_3.0.17-0potato3_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-magick_3.0.17-0potato3_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-mhash_3.0.17-0potato3_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-mysql_3.0.17-0potato3_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-pgsql_3.0.17-0potato3_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-snmp_3.0.17-0potato3_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-xml_3.0.17-0potato3_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php3_3.0.17-0potato3_alpha.deb
- http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-imap_3.0.17-0potato3_alpha.deb
- ARM:
- http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-gd_3.0.17-0potato3_arm.deb
- http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-imap_3.0.17-0potato3_arm.deb
- http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-ldap_3.0.17-0potato3_arm.deb
- http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-magick_3.0.17-0potato3_arm.deb
- http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-mhash_3.0.17-0potato3_arm.deb
- http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-mysql_3.0.17-0potato3_arm.deb
- http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-pgsql_3.0.17-0potato3_arm.deb
- http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-snmp_3.0.17-0potato3_arm.deb
- http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-xml_3.0.17-0potato3_arm.deb
- http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi_3.0.17-0potato3_arm.deb
- http://security.debian.org/dists/potato/updates/main/binary-arm/php3-dev_3.0.17-0potato3_arm.deb
- http://security.debian.org/dists/potato/updates/main/binary-arm/php3-gd_3.0.17-0potato3_arm.deb
- http://security.debian.org/dists/potato/updates/main/binary-arm/php3-imap_3.0.17-0potato3_arm.deb
- http://security.debian.org/dists/potato/updates/main/binary-arm/php3-ldap_3.0.17-0potato3_arm.deb
- http://security.debian.org/dists/potato/updates/main/binary-arm/php3-magick_3.0.17-0potato3_arm.deb
- http://security.debian.org/dists/potato/updates/main/binary-arm/php3-mhash_3.0.17-0potato3_arm.deb
- http://security.debian.org/dists/potato/updates/main/binary-arm/php3-mysql_3.0.17-0potato3_arm.deb
- http://security.debian.org/dists/potato/updates/main/binary-arm/php3-pgsql_3.0.17-0potato3_arm.deb
- http://security.debian.org/dists/potato/updates/main/binary-arm/php3-snmp_3.0.17-0potato3_arm.deb
- http://security.debian.org/dists/potato/updates/main/binary-arm/php3-xml_3.0.17-0potato3_arm.deb
- http://security.debian.org/dists/potato/updates/main/binary-arm/php3_3.0.17-0potato3_arm.deb
- http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-imap_3.0.17-0potato3_arm.deb
- Intel IA-32:
- http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-gd_3.0.17-0potato2_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-imap_3.0.17-0potato2_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-ldap_3.0.17-0potato2_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-magick_3.0.17-0potato2_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-mhash_3.0.17-0potato2_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-mysql_3.0.17-0potato2_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-pgsql_3.0.17-0potato2_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-snmp_3.0.17-0potato2_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-xml_3.0.17-0potato2_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi_3.0.17-0potato2_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php3-dev_3.0.17-0potato2_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php3-gd_3.0.17-0potato2_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php3-imap_3.0.17-0potato2_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php3-ldap_3.0.17-0potato2_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php3-magick_3.0.17-0potato2_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php3-mhash_3.0.17-0potato2_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php3-mysql_3.0.17-0potato2_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php3-pgsql_3.0.17-0potato2_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php3-snmp_3.0.17-0potato2_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php3-xml_3.0.17-0potato2_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php3_3.0.17-0potato2_i386.deb
- http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-imap_3.0.17-0potato2_i386.deb
- Motorola 680x0:
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-gd_3.0.17-0potato3_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-imap_3.0.17-0potato3_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-ldap_3.0.17-0potato3_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-magick_3.0.17-0potato3_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-mhash_3.0.17-0potato3_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-mysql_3.0.17-0potato3_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-pgsql_3.0.17-0potato3_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-snmp_3.0.17-0potato3_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-xml_3.0.17-0potato3_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi_3.0.17-0potato3_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-dev_3.0.17-0potato3_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-gd_3.0.17-0potato3_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-imap_3.0.17-0potato3_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-ldap_3.0.17-0potato3_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-magick_3.0.17-0potato3_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-mhash_3.0.17-0potato3_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-mysql_3.0.17-0potato3_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-pgsql_3.0.17-0potato3_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-snmp_3.0.17-0potato3_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-xml_3.0.17-0potato3_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php3_3.0.17-0potato3_m68k.deb
- http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-imap_3.0.17-0potato3_m68k.deb
- PowerPC:
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-gd_3.0.17-0potato3_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-imap_3.0.17-0potato3_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-ldap_3.0.17-0potato3_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-magick_3.0.17-0potato3_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-mhash_3.0.17-0potato3_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-mysql_3.0.17-0potato3_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-pgsql_3.0.17-0potato3_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-snmp_3.0.17-0potato3_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-xml_3.0.17-0potato3_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi_3.0.17-0potato3_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-dev_3.0.17-0potato3_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-gd_3.0.17-0potato3_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-imap_3.0.17-0potato3_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-ldap_3.0.17-0potato3_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-magick_3.0.17-0potato3_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-mhash_3.0.17-0potato3_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-mysql_3.0.17-0potato3_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-pgsql_3.0.17-0potato3_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-snmp_3.0.17-0potato3_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-xml_3.0.17-0potato3_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3_3.0.17-0potato3_powerpc.deb
- http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-imap_3.0.17-0potato3_powerpc.deb
- Sun Sparc:
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-gd_3.0.17-0potato3_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-imap_3.0.17-0potato3_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-ldap_3.0.17-0potato3_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-magick_3.0.17-0potato3_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-mhash_3.0.17-0potato3_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-mysql_3.0.17-0potato3_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-pgsql_3.0.17-0potato3_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-snmp_3.0.17-0potato3_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-xml_3.0.17-0potato3_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi_3.0.17-0potato3_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-dev_3.0.17-0potato3_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-gd_3.0.17-0potato3_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-imap_3.0.17-0potato3_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-ldap_3.0.17-0potato3_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-magick_3.0.17-0potato3_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-mhash_3.0.17-0potato3_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-mysql_3.0.17-0potato3_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-pgsql_3.0.17-0potato3_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-snmp_3.0.17-0potato3_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-xml_3.0.17-0potato3_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php3_3.0.17-0potato3_sparc.deb
- http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-imap_3.0.17-0potato3_sparc.deb