rhn.redhat.com | Red Hat Support

Red Hat Linux Errata Advisory
back



Synopsis	PHP vulnerabilities in Stronghold

Advisory ID	RHSA-2002:040-03

Issue Date	2002-02-28

Updated On	2002-03-14

Product	Stronghold Cross Platform

Keywords	PHP

Cross References

Obsoletes

1. Topic:

PHP has a number of vulnerabilities in the functions
that parse multipart MIME data, which are used when uploading files
through forms.

2. Problem description:

PHP is an HTML-embeddable scripting language. A number of flaws have been
found in the way PHP handles multipart/form-data POST requests. Each of
these flaws could allow an attacker to execute arbitrary code on the remote
system.

All versions of the Stronghold web server include PHP and are therefore
potentially vulnerable to these issues.

You are vulnerable and need to take action if you have either

a) Used the default Stronghold httpd.conf file, in which PHP3 is enabled

b) Altered httpd.conf to enable PHP3 or PHP4

c) Recompile your server with PHP statically linked into Stronghold

The Stronghold engineering team is working on new builds of Stronghold
that are not vulnerable to this problem. In the meantime you can protect
yourself in a number of ways:

a) If you are not using PHP functionality on your site you can disable the
PHP modules. Look for the PHP "LoadModule" directives in your httpd.conf
file, comment them out, and restart your server.

b) If you are using PHP 4.0.3 or greater you can disable the vulnerable
PHP upload feature. Edit httpd.conf and add the following line after the
LoadModule lines, then restart your server.

php_admin_value file_uploads off

c) Download updated PHP source code and patches from www.php.net
and compile them. Details of how to do this are available from
http://www.int.c2.net/support/sh3/upgradephp4

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0081 to this issue.

Stronghold 3.0 build code 3016 is now available from
http://www.int.c2.net/download/ that is not vulnerable to this issue.

3. Bug IDs fixed: (see bugzilla for more information)

4. Relevant releases/architectures:

5. RPMs required:

6. Solution:

Please consult the Stronghold documentation on how to upgrade Stronghold

7. Verification:

MD5 sum                           Package Name
-------------------------------------------------------------------------

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:
http://www.redhat.com/about/contact.html

You can verify each package with the following command: rpm --checksig filename

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg filename

Note that you need RPM >= 3.0 to check GnuPG keys.

8. References:

http://security.e-matters.de/advisories/012002.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0081

If you have any questions regarding this vulnerability please contact your
Stronghold support representative by email. Mail to
stronghold-support@redhat.com for US and Canadian customers,
stronghold-support-world@redhat.com for all other customers.