More vulnerabilities in PHP
A critical vulnerability in PHP 5.x compromises Web server security. The error is an integer overflow in the PHP memory handling function ecalloc, in the zend_alloc.c module. According to the security advisory from Red Hat, under certain circumstances it is reportedly possible, using certain requests, to allocate memory on the server and to exploit this to inject code and execute it with the Web server's privileges. The exploit does, however, require that an appropriate PHP script, which calls ecalloc(), is present on the server.
Red Hat has already released new packages for Enterprise Linux AS, ES and WS (v.2.1), which were still using an older, vulnerable version of PHP 4. Red Hat Enterprise Linux 3 and 4 are not affected, as the vulnerable PHP version is not used. Current official PHP 4 versions are also unaffected. Mandriva has also already remedied the bug in its packages. Zend has not yet released an official security advisory, but one is expected at the beginning of next week. The bug appears to have already been remedied in the PHP CVS.
Problems with PHP have been piling up. Just recently a problem in open_basedir was discovered that allowed its restrictions to be bypassed. In mid-September there was a security settings bug, and in mid-August multiple security vulnerabilities in PHP functions.
- Important: php security update, security advisory from Red Hat
- Updated php packages fix integer overflow vulnerability, security advisory from Mandriva
- ZEND_API void *_ecalloc, entry in PHP CVS