Información sobre seguridad / 2000 / Información sobre seguridad -- php3

Aviso de seguridad de Debian

php3 -- posible explotación remota

Fecha del informe:

14 de oct de 2000

Paquetes afectados:

php3

Vulnerable:

Sí

Referencias a bases de datos de seguridad:

En el diccionario CVE de Mitre: CVE-2000-0967.

Información adicional:

En las versiones de los paquetes PHP 3 anteriores a la versión 3.0.17, varios errores de cadena de formato permitían a peticiones propiamente modificadas ejecutar código como el usuario que ejecutaba los scripts PHP del servidor web, particularmente si el registro de errores estaba activado.

Este problema está arreglado en las versiones 3.0.17-0potato2 y 3.0.17-0potato3 para Debian 2.2 (potato) y en la versión 3.0.17-1 para Debian inestable (woody). Esta es una corrección de error y le recomendamos a todos los usuarios de php3 que se actualicen.

Debian GNU/Linux 2.1 (slink) contiene la versión 3.0.5, que se cree que está afectada por este problema. No hay actualizaciones de seguridad para slink en este momento; Se insta a los usuarios de slink que tengan php3 instalado a que o bien actualicen a potato o bien recompilen los paquetes php3 de potato desde las fuentes (vea las URLs abajo).

Arreglado en:

Debian GNU/Linux 2.2 (potato)

Fuentes:

http://security.debian.org/dists/potato/updates/main/source/php3_3.0.17-0potato3.diff.gz

http://security.debian.org/dists/potato/updates/main/source/php3_3.0.17-0potato3.dsc

http://security.debian.org/dists/potato/updates/main/source/php3_3.0.17.orig.tar.gz

Componentes independientes de la arquitectura:

http://security.debian.org/dists/potato/updates/main/binary-all/php3-doc_3.0.17-0potato3_all.deb

Alpha:

http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-gd_3.0.17-0potato3_alpha.deb

http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-imap_3.0.17-0potato3_alpha.deb

http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-ldap_3.0.17-0potato3_alpha.deb

http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-magick_3.0.17-0potato3_alpha.deb

http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-mhash_3.0.17-0potato3_alpha.deb

http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-mysql_3.0.17-0potato3_alpha.deb

http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-pgsql_3.0.17-0potato3_alpha.deb

http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-snmp_3.0.17-0potato3_alpha.deb

http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-xml_3.0.17-0potato3_alpha.deb

http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi_3.0.17-0potato3_alpha.deb

http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-dev_3.0.17-0potato3_alpha.deb

http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-gd_3.0.17-0potato3_alpha.deb

http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-imap_3.0.17-0potato3_alpha.deb

http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-ldap_3.0.17-0potato3_alpha.deb

http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-magick_3.0.17-0potato3_alpha.deb

http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-mhash_3.0.17-0potato3_alpha.deb

http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-mysql_3.0.17-0potato3_alpha.deb

http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-pgsql_3.0.17-0potato3_alpha.deb

http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-snmp_3.0.17-0potato3_alpha.deb

http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-xml_3.0.17-0potato3_alpha.deb

http://security.debian.org/dists/potato/updates/main/binary-alpha/php3_3.0.17-0potato3_alpha.deb

ARM:

http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-gd_3.0.17-0potato3_arm.deb

http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-imap_3.0.17-0potato3_arm.deb

http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-ldap_3.0.17-0potato3_arm.deb

http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-magick_3.0.17-0potato3_arm.deb

http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-mhash_3.0.17-0potato3_arm.deb

http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-mysql_3.0.17-0potato3_arm.deb

http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-pgsql_3.0.17-0potato3_arm.deb

http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-snmp_3.0.17-0potato3_arm.deb

http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-xml_3.0.17-0potato3_arm.deb

http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi_3.0.17-0potato3_arm.deb

http://security.debian.org/dists/potato/updates/main/binary-arm/php3-dev_3.0.17-0potato3_arm.deb

http://security.debian.org/dists/potato/updates/main/binary-arm/php3-gd_3.0.17-0potato3_arm.deb

http://security.debian.org/dists/potato/updates/main/binary-arm/php3-imap_3.0.17-0potato3_arm.deb

http://security.debian.org/dists/potato/updates/main/binary-arm/php3-ldap_3.0.17-0potato3_arm.deb

http://security.debian.org/dists/potato/updates/main/binary-arm/php3-magick_3.0.17-0potato3_arm.deb

http://security.debian.org/dists/potato/updates/main/binary-arm/php3-mhash_3.0.17-0potato3_arm.deb

http://security.debian.org/dists/potato/updates/main/binary-arm/php3-mysql_3.0.17-0potato3_arm.deb

http://security.debian.org/dists/potato/updates/main/binary-arm/php3-pgsql_3.0.17-0potato3_arm.deb

http://security.debian.org/dists/potato/updates/main/binary-arm/php3-snmp_3.0.17-0potato3_arm.deb

http://security.debian.org/dists/potato/updates/main/binary-arm/php3-xml_3.0.17-0potato3_arm.deb

http://security.debian.org/dists/potato/updates/main/binary-arm/php3_3.0.17-0potato3_arm.deb

Intel IA-32:

http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-gd_3.0.17-0potato2_i386.deb

http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-imap_3.0.17-0potato2_i386.deb

http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-ldap_3.0.17-0potato2_i386.deb

http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-magick_3.0.17-0potato2_i386.deb

http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-mhash_3.0.17-0potato2_i386.deb

http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-mysql_3.0.17-0potato2_i386.deb

http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-pgsql_3.0.17-0potato2_i386.deb

http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-snmp_3.0.17-0potato2_i386.deb

http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-xml_3.0.17-0potato2_i386.deb

http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi_3.0.17-0potato2_i386.deb

http://security.debian.org/dists/potato/updates/main/binary-i386/php3-dev_3.0.17-0potato2_i386.deb

http://security.debian.org/dists/potato/updates/main/binary-i386/php3-gd_3.0.17-0potato2_i386.deb

http://security.debian.org/dists/potato/updates/main/binary-i386/php3-imap_3.0.17-0potato2_i386.deb

http://security.debian.org/dists/potato/updates/main/binary-i386/php3-ldap_3.0.17-0potato2_i386.deb

http://security.debian.org/dists/potato/updates/main/binary-i386/php3-magick_3.0.17-0potato2_i386.deb

http://security.debian.org/dists/potato/updates/main/binary-i386/php3-mhash_3.0.17-0potato2_i386.deb

http://security.debian.org/dists/potato/updates/main/binary-i386/php3-mysql_3.0.17-0potato2_i386.deb

http://security.debian.org/dists/potato/updates/main/binary-i386/php3-pgsql_3.0.17-0potato2_i386.deb

http://security.debian.org/dists/potato/updates/main/binary-i386/php3-snmp_3.0.17-0potato2_i386.deb

http://security.debian.org/dists/potato/updates/main/binary-i386/php3-xml_3.0.17-0potato2_i386.deb

http://security.debian.org/dists/potato/updates/main/binary-i386/php3_3.0.17-0potato2_i386.deb

Motorola 680x0:

http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-gd_3.0.17-0potato3_m68k.deb

http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-imap_3.0.17-0potato3_m68k.deb

http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-ldap_3.0.17-0potato3_m68k.deb

http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-magick_3.0.17-0potato3_m68k.deb

http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-mhash_3.0.17-0potato3_m68k.deb

http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-mysql_3.0.17-0potato3_m68k.deb

http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-pgsql_3.0.17-0potato3_m68k.deb

http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-snmp_3.0.17-0potato3_m68k.deb

http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-xml_3.0.17-0potato3_m68k.deb

http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi_3.0.17-0potato3_m68k.deb

http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-dev_3.0.17-0potato3_m68k.deb

http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-gd_3.0.17-0potato3_m68k.deb

http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-imap_3.0.17-0potato3_m68k.deb

http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-ldap_3.0.17-0potato3_m68k.deb

http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-magick_3.0.17-0potato3_m68k.deb

http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-mhash_3.0.17-0potato3_m68k.deb

http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-mysql_3.0.17-0potato3_m68k.deb

http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-pgsql_3.0.17-0potato3_m68k.deb

http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-snmp_3.0.17-0potato3_m68k.deb

http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-xml_3.0.17-0potato3_m68k.deb

http://security.debian.org/dists/potato/updates/main/binary-m68k/php3_3.0.17-0potato3_m68k.deb

PowerPC:

http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-gd_3.0.17-0potato3_powerpc.deb

http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-imap_3.0.17-0potato3_powerpc.deb

http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-ldap_3.0.17-0potato3_powerpc.deb

http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-magick_3.0.17-0potato3_powerpc.deb

http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-mhash_3.0.17-0potato3_powerpc.deb

http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-mysql_3.0.17-0potato3_powerpc.deb

http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-pgsql_3.0.17-0potato3_powerpc.deb

http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-snmp_3.0.17-0potato3_powerpc.deb

http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-xml_3.0.17-0potato3_powerpc.deb

http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi_3.0.17-0potato3_powerpc.deb

http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-dev_3.0.17-0potato3_powerpc.deb

http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-gd_3.0.17-0potato3_powerpc.deb

http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-imap_3.0.17-0potato3_powerpc.deb

http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-ldap_3.0.17-0potato3_powerpc.deb

http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-magick_3.0.17-0potato3_powerpc.deb

http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-mhash_3.0.17-0potato3_powerpc.deb

http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-mysql_3.0.17-0potato3_powerpc.deb

http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-pgsql_3.0.17-0potato3_powerpc.deb

http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-snmp_3.0.17-0potato3_powerpc.deb

http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-xml_3.0.17-0potato3_powerpc.deb

http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3_3.0.17-0potato3_powerpc.deb

Sun Sparc:

http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-gd_3.0.17-0potato3_sparc.deb

http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-imap_3.0.17-0potato3_sparc.deb

http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-ldap_3.0.17-0potato3_sparc.deb

http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-magick_3.0.17-0potato3_sparc.deb

http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-mhash_3.0.17-0potato3_sparc.deb

http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-mysql_3.0.17-0potato3_sparc.deb

http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-pgsql_3.0.17-0potato3_sparc.deb

http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-snmp_3.0.17-0potato3_sparc.deb

http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-xml_3.0.17-0potato3_sparc.deb

http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi_3.0.17-0potato3_sparc.deb

http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-dev_3.0.17-0potato3_sparc.deb

http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-gd_3.0.17-0potato3_sparc.deb

http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-imap_3.0.17-0potato3_sparc.deb

http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-ldap_3.0.17-0potato3_sparc.deb

http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-magick_3.0.17-0potato3_sparc.deb

http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-mhash_3.0.17-0potato3_sparc.deb

http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-mysql_3.0.17-0potato3_sparc.deb

http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-pgsql_3.0.17-0potato3_sparc.deb

http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-snmp_3.0.17-0potato3_sparc.deb

http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-xml_3.0.17-0potato3_sparc.deb

http://security.debian.org/dists/potato/updates/main/binary-sparc/php3_3.0.17-0potato3_sparc.deb