Debian Security Advisory

php3 -- possible remote exploit

Date reported:
14 Oct 2000
Affected packages:
php3
Vulnerable:
Security database references:
In Mitre's CVE dictionary: CVE-2000-0967.
More information:
In versions of the PHP 3 packages before 3.0.17, several format string bugs allowed suitably crafted requests to execute code as the user running the web server's PHP scripts, particularly if error logging was enabled.

This problem is fixed in versions 3.0.17-0potato2 and 3.0.17-0potato3 for Debian 2.2 (potato) and in version 3.0.17-1 for Debian unstable (woody). This is a bug fix, and we recommend that all php3 users upgrade.

Debian GNU/Linux 2.1 (slink) contains version 3.0.5, which is believed to be affected by this problem. No security updates are available for slink at this time; slink users who have php3 installed are urged either to upgrade to potato or to recompile the potato php3 packages from source (see the URLs below).

Fixed in:

Debian GNU/Linux 2.2 (potato)

Source:
http://security.debian.org/dists/potato/updates/main/source/php3_3.0.17-0potato3.diff.gz
http://security.debian.org/dists/potato/updates/main/source/php3_3.0.17-0potato3.dsc
http://security.debian.org/dists/potato/updates/main/source/php3_3.0.17.orig.tar.gz
Architecture-independent component:
http://security.debian.org/dists/potato/updates/main/binary-all/php3-doc_3.0.17-0potato3_all.deb
Alpha:
http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-gd_3.0.17-0potato3_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-imap_3.0.17-0potato3_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-ldap_3.0.17-0potato3_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-magick_3.0.17-0potato3_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-mhash_3.0.17-0potato3_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-mysql_3.0.17-0potato3_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-pgsql_3.0.17-0potato3_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-snmp_3.0.17-0potato3_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi-xml_3.0.17-0potato3_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-cgi_3.0.17-0potato3_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-dev_3.0.17-0potato3_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-gd_3.0.17-0potato3_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-imap_3.0.17-0potato3_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-ldap_3.0.17-0potato3_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-magick_3.0.17-0potato3_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-mhash_3.0.17-0potato3_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-mysql_3.0.17-0potato3_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-pgsql_3.0.17-0potato3_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-snmp_3.0.17-0potato3_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php3-xml_3.0.17-0potato3_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/php3_3.0.17-0potato3_alpha.deb
ARM:
http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-gd_3.0.17-0potato3_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-imap_3.0.17-0potato3_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-ldap_3.0.17-0potato3_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-magick_3.0.17-0potato3_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-mhash_3.0.17-0potato3_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-mysql_3.0.17-0potato3_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-pgsql_3.0.17-0potato3_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-snmp_3.0.17-0potato3_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi-xml_3.0.17-0potato3_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/php3-cgi_3.0.17-0potato3_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/php3-dev_3.0.17-0potato3_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/php3-gd_3.0.17-0potato3_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/php3-imap_3.0.17-0potato3_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/php3-ldap_3.0.17-0potato3_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/php3-magick_3.0.17-0potato3_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/php3-mhash_3.0.17-0potato3_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/php3-mysql_3.0.17-0potato3_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/php3-pgsql_3.0.17-0potato3_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/php3-snmp_3.0.17-0potato3_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/php3-xml_3.0.17-0potato3_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/php3_3.0.17-0potato3_arm.deb
Intel IA-32:
http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-gd_3.0.17-0potato2_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-imap_3.0.17-0potato2_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-ldap_3.0.17-0potato2_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-magick_3.0.17-0potato2_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-mhash_3.0.17-0potato2_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-mysql_3.0.17-0potato2_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-pgsql_3.0.17-0potato2_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-snmp_3.0.17-0potato2_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi-xml_3.0.17-0potato2_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php3-cgi_3.0.17-0potato2_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php3-dev_3.0.17-0potato2_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php3-gd_3.0.17-0potato2_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php3-imap_3.0.17-0potato2_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php3-ldap_3.0.17-0potato2_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php3-magick_3.0.17-0potato2_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php3-mhash_3.0.17-0potato2_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php3-mysql_3.0.17-0potato2_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php3-pgsql_3.0.17-0potato2_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php3-snmp_3.0.17-0potato2_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php3-xml_3.0.17-0potato2_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/php3_3.0.17-0potato2_i386.deb
Motorola 680x0:
http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-gd_3.0.17-0potato3_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-imap_3.0.17-0potato3_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-ldap_3.0.17-0potato3_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-magick_3.0.17-0potato3_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-mhash_3.0.17-0potato3_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-mysql_3.0.17-0potato3_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-pgsql_3.0.17-0potato3_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-snmp_3.0.17-0potato3_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi-xml_3.0.17-0potato3_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-cgi_3.0.17-0potato3_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-dev_3.0.17-0potato3_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-gd_3.0.17-0potato3_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-imap_3.0.17-0potato3_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-ldap_3.0.17-0potato3_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-magick_3.0.17-0potato3_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-mhash_3.0.17-0potato3_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-mysql_3.0.17-0potato3_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-pgsql_3.0.17-0potato3_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-snmp_3.0.17-0potato3_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php3-xml_3.0.17-0potato3_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/php3_3.0.17-0potato3_m68k.deb
PowerPC:
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-gd_3.0.17-0potato3_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-imap_3.0.17-0potato3_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-ldap_3.0.17-0potato3_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-magick_3.0.17-0potato3_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-mhash_3.0.17-0potato3_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-mysql_3.0.17-0potato3_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-pgsql_3.0.17-0potato3_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-snmp_3.0.17-0potato3_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi-xml_3.0.17-0potato3_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-cgi_3.0.17-0potato3_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-dev_3.0.17-0potato3_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-gd_3.0.17-0potato3_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-imap_3.0.17-0potato3_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-ldap_3.0.17-0potato3_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-magick_3.0.17-0potato3_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-mhash_3.0.17-0potato3_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-mysql_3.0.17-0potato3_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-pgsql_3.0.17-0potato3_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-snmp_3.0.17-0potato3_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3-xml_3.0.17-0potato3_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/php3_3.0.17-0potato3_powerpc.deb
Sun Sparc:
http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-gd_3.0.17-0potato3_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-imap_3.0.17-0potato3_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-ldap_3.0.17-0potato3_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-magick_3.0.17-0potato3_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-mhash_3.0.17-0potato3_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-mysql_3.0.17-0potato3_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-pgsql_3.0.17-0potato3_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-snmp_3.0.17-0potato3_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi-xml_3.0.17-0potato3_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-cgi_3.0.17-0potato3_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-dev_3.0.17-0potato3_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-gd_3.0.17-0potato3_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-imap_3.0.17-0potato3_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-ldap_3.0.17-0potato3_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-magick_3.0.17-0potato3_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-mhash_3.0.17-0potato3_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-mysql_3.0.17-0potato3_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-pgsql_3.0.17-0potato3_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-snmp_3.0.17-0potato3_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php3-xml_3.0.17-0potato3_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/php3_3.0.17-0potato3_sparc.deb