Bug 132281

Summary: PHP File-Upload $GLOBALS Overwrite Vulnerability
Product: [openSUSE] SUSE LINUX 10.0
Reporter: Masaji Takeyama <takezou040728>
Component: Security
Assignee: Petr Ostadal <postadal>
Status: RESOLVED FIXED
QA Contact: E-mail List <qa-bugs>
Severity: Critical
Priority: P5 - None
CC: security-team
Version: Final
Target Milestone: ---
Hardware: Other
OS: SUSE Other
Whiteboard:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Masaji Takeyama 2005-11-04 03:54:05 UTC
A security advisory was reported by the PHP project.

[Details]
http://www.hardened-php.net/advisory_202005.79.html

* SUSE Linux 10.1(php4)
The upgrade to php 4.4.1 might be good.

* patch for php 5.0.4, 5.0.5(globals-problem)
php-5.0.4-global.patch
php-5.0.5-global.patch
http://wiki.ohgaki.net/index.php?PHP%2Fpatch%2F%24GLOBAL%CA%DD%B8%EE%A5%D1%A5%C3%A5%C1

* patch for php 4.3.11(4.3.x(?)) --- It has not been tested yet.
php-4.3.11-global.patch
http://wiki.ohgaki.net/index.php?PHP%2Fpatch%2F%24GLOBAL%CA%DD%B8%EE%A5%D1%A5%C3%A5%C1

Comment 1 Ludwig Nussel 2006-02-14 13:13:12 UTC
dup of #131580, fixed in the meantime.
http://www.novell.com/linux/security/advisories/2005_14_sa.html

Comment 2 Cristian Rodríguez 2006-03-22 19:14:13 UTC
Just for the record:

this bug is badly categorized.

it DOES NOT affect (10.1 ships PHP 5.1.2 only, no PHP4)

although, this is a **very** serious issue, and it's a PIECE OF CAKE to exploit.

here is a tech analysis of the problem.

http://www.hardened-php.net/globals-problem

Comment 3 Marcus Meissner 2006-03-23 14:35:54 UTC
so what is the problem? we released updates for it?