FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: edabe438-542f-11db-a5ae-00508d6a62df
Description: php -- open_basedir Race Condition Vulnerability

Stefan Esser reports:

PHP's open_basedir feature is meant to disallow scripts from accessing files outside a set of configured base directories. The checks for this are placed within PHP functions dealing with files before the actual open call is performed.

Obviously there is a little span of time between the check and the actual open call. During this time span the checked path could have been altered and point to a file that is forbidden to be accessed due to open_basedir restrictions.

Because the open_basedir restrictions often do not call PHP functions but 3rd party library functions to actually open the file, it is impossible to close this time span in a general way. It would only be possible to close it when PHP handles the actual opening on its own.

While it seems hard to change the path during this little time span it is very simple with the use of the symlink() function combined with a little trick. PHP's symlink() function ensures that source and target of the symlink operation are allowed by open_basedir restrictions (and safe_mode). However it is possible to point a symlink to any file by the use of mkdir(), unlink() and at least two symlinks.


Discovery: 2006-10-02
Entry: 2006-10-05
Modified: 2013-04-01

Affected packages:
  php4, php5: < 4.4.4_1; ge 5 lt 5.1.6_2
  php-suhosin: < 0.9.6
  php4-cli, php5-cli, php4-cgi, php5-cgi, php4-dtc, php5-dtc, php4-horde, php5-horde, php4-nms, php5-nms, mod_php4, mod_php5: ge 4 lt 4.4.4_1; ge 5 lt 5.1.6_2

References:
  20326
  CVE-2006-5178
  http://www.hardened-php.net/advisory_082006.132.html
  http://secunia.com/advisories/22235/

VuXML ID: ea09c5df-4362-11db-81e1-000e0c2e438a
Description: php -- multiple vulnerabilities

The PHP development team reports:

  • Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions.
  • Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems.
  • Fixed possible open_basedir/safe_mode bypass in cURL extension and with realpath cache.
  • Fixed overflow in GD extension on invalid GIF images.
  • Fixed a buffer overflow inside sscanf() function.
  • Fixed an out of bounds read inside stripos() function.
  • Fixed memory_limit restriction on 64 bit system.

Discovery: 2006-08-18
Entry: 2006-09-13
Modified: 2014-03-28

Affected packages:
  php4, php5: < 4.4.4; ge 5 lt 5.1.5
  php4-cli, php5-cli, php4-cgi, php5-cgi, php4-dtc, php5-dtc, php4-horde, php5-horde, php4-nms, php5-nms, mod_php4, mod_php5: < 4.4.4; ge 5 lt 5.1.5

References:
  CVE-2006-4481
  CVE-2006-4482
  CVE-2006-4483
  CVE-2006-4484
  CVE-2006-4485
  CVE-2006-4486
  http://www.php.net/release_4_4_4.php
  http://www.php.net/release_5_1_5.php

VuXML ID: 6821a2db-4ab7-11da-932d-00055d790c25
Description: PHP -- multiple vulnerabilities

A Secunia Advisory reports:

Some vulnerabilities have been reported in PHP, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and potentially compromise a vulnerable system.


Discovery: 2005-10-31
Entry: 2005-11-01

Affected packages:
  mod_php4-twig, php4-cgi, php4-cli, php4-dtc, php4-horde, php4-nms, php4: < 4.4.1
  mod_php, mod_php4: ge 4 lt 4.4.1,1

References:
  http://secunia.com/advisories/17371/

VuXML ID: d47e9d19-5016-11d9-9b5f-0050569f0001
Description: php -- multiple vulnerabilities

Secunia reports:

Multiple vulnerabilities have been reported in PHP, which can be exploited to gain escalated privileges, bypass certain security restrictions, gain knowledge of sensitive information, or compromise a vulnerable system.


Discovery: 2004-12-16
Entry: 2004-12-17
Modified: 2004-12-18

Affected packages:
  mod_php4-twig, php4-cgi, php4-cli, php4-dtc, php4-horde, php4-nms, php4: < 4.3.10
  mod_php, mod_php4: ge 4 lt 4.3.10,1
  php5, php5-cgi, php5-cli: < 5.0.3
  mod_php5: < 5.0.3,1

References:
  http://secunia.com/advisories/13481/
  CVE-2004-1019
  CVE-2004-1065
  http://www.php.net/release_4_3_10.php
  http://www.hardened-php.net/advisories/012004.txt

VuXML ID: dd7aa4f1-102f-11d9-8a8a-000c41e2cdad
Description: php -- memory_limit related vulnerability

Stefan Esser of e-matters discovered a condition within PHP that may lead to remote execution of arbitrary code. The memory_limit facility is used to notify functions when memory constraints have been met. Under certain conditions, the entry into this facility is able to interrupt functions such as zend_hash_init() at locations not suitable for interruption. The result would leave these functions in a vulnerable state.

An attacker that is able to trigger the memory_limit abort within zend_hash_init() and is additionally able to control the heap before the HashTable itself is allocated, is able to supply his own HashTable destructor pointer. [...]

All mentioned places outside of the extensions are quite easy to exploit, because the memory allocation up to those places is deterministic and quite static throughout different PHP versions. [...]

Because the exploit itself consists of supplying an arbitrary destructor pointer, this bug is exploitable on any platform.


Discovery: 2004-07-07
Entry: 2004-09-27
Modified: 2004-10-02

Affected packages:
  mod_php4-twig, php4, php4-cgi, php4-cli, php4-dtc, php4-horde, php4-nms: le 4.3.7_3
  mod_php4: le 4.3.7_3,1
  php5, php5-cgi, php5-cli: le 5.0.0.r3_2
  mod_php5: le 5.0.0.r3_2,1

References:
  CVE-2004-0594
  http://marc.theaimsgroup.com/?l=bugtraq&m=108981780109154
  http://security.e-matters.de/advisories/112004.html
  10725

VuXML ID: edf61c61-0f07-11d9-8393-000103ccf9d6
Description: php -- strip_tags cross-site scripting vulnerability

Stefan Esser of e-matters discovered that PHP's strip_tags() function would ignore certain characters during parsing of tags, allowing these tags to pass through. Select browsers could then parse these tags, possibly allowing cross-site scripting attacks.


Discovery: 2004-07-07
Entry: 2004-09-27
Modified: 2013-06-19

Affected packages:
  mod_php4-twig, php4, php4-cgi, php4-cli, php4-dtc, php4-horde, php4-nms: le 4.3.7_3
  mod_php4: le 4.3.7_3,1
  php5, php5-cgi, php5-cli: le 5.0.0.r3_2
  mod_php5: le 5.0.0.r3_2,1

References:
  CVE-2004-0595
  http://marc.theaimsgroup.com/?l=bugtraq&m=108981589117423
  http://security.e-matters.de/advisories/122004.html
  10724

VuXML ID: 562a3fdf-16d6-11d9-bc4a-000c41e2cdad
Description: php -- vulnerability in RFC 1867 file upload processing

Stefano Di Paola discovered an issue with PHP that could allow someone to upload a file to any directory writable by the httpd process. Any sanitizing performed on the prepended directory path is ignored. This bug can only be triggered if the $_FILES element name contains an underscore.


Discovery: 2004-09-15
Entry: 2004-09-15
Modified: 2004-10-12

Affected packages:
  php4, php4-cgi: le 4.3.8_2
  mod_php4: le 4.3.8_2,1
  php5, php5-cgi: le 5.0.1
  mod_php5: le 5.0.1,1

References:
  http://marc.theaimsgroup.com/?l=bugtraq&m=109534848430404
  http://marc.theaimsgroup.com/?l=bugtraq&m=109648426331965

VuXML ID: 07f3fe15-a9de-11d9-a788-0001020eed82
Description: php -- readfile() DoS vulnerability

A SUSE Security advisory reports:

A bug in the readfile() function of php4 could be used to crash the httpd running the php4 code when accessing files with a multiple of the architecture's page size, leading to a denial of service.


Discovery: 2004-01-25
Entry: 2005-04-10

Affected packages:
  mod_php4-twig, php4-cgi, php4-cli, php4-dtc, php4-horde, php4-nms, php4: < 4.3.5_7
  mod_php, mod_php4: < 4.3.5_7,1

References:
  12665
  CVE-2005-0596
  http://bugs.php.net/bug.php?id=27037
  http://www.novell.com/linux/security/advisories/2005_06_sr.html

VuXML ID: ad74a1bd-16d2-11d9-bc4a-000c41e2cdad
Description: php -- php_variables memory disclosure

Stefano Di Paola reports:

Bad array parsing in php_variables.c could lead to showing arbitrary memory content such as pieces of php code and other data. This affects all GET, POST or COOKIES variables.


Discovery: 2004-09-15
Entry: 2004-10-05

Affected packages:
  mod_php4-twig, php4-cgi, php4-cli, php4-dtc, php4-horde, php4-nms, php4: le 4.3.8_2
  mod_php, mod_php4: ge 4 le 4.3.8_2,1
  php5, php5-cgi, php5-cli: le 5.0.1
  mod_php5: le 5.0.1,1

References:
  http://marc.theaimsgroup.com/?l=bugtraq&m=109527531130492

VuXML ID: 7fcf1727-be71-11db-b2ec-000c6ec775d9
Description: php -- multiple vulnerabilities

Multiple vulnerabilities have been found in PHP, including: buffer overflows, stack overflows, format string, and information disclosure vulnerabilities.

The session extension contained safe_mode and open_basedir bypasses, but the FreeBSD Security Officer does not consider these real security vulnerabilities, since safe_mode and open_basedir are insecure by design and should not be relied upon.


Discovery: 2007-02-09
Entry: 2007-02-17
Modified: 2013-04-01

Affected packages:
  php5-imap, php5-odbc, php5-session, php5-shmop, php5-sqlite, php5-wddx, php5: < 5.2.1_2
  php4-odbc, php4-session, php4-shmop, php4-wddx, php4: < 4.4.5
  mod_php4-twig, mod_php4, mod_php5, mod_php, php4-cgi, php4-cli, php4-dtc, php4-horde, php4-nms, php5-cgi, php5-cli, php5-dtc, php5-horde, php5-nms: ge 4 lt 4.4.5; ge 5 lt 5.2.1_2

References:
  CVE-2007-0905
  CVE-2007-0906
  CVE-2007-0907
  CVE-2007-0908
  CVE-2007-0909
  CVE-2007-0910
  CVE-2007-0988
  http://secunia.com/advisories/24089/
  http://www.php.net/releases/4_4_5.php
  http://www.php.net/releases/5_2_1.php

VuXML ID: f5e52bf5-fc77-11db-8163-000e0c2e438a
Description: php -- multiple vulnerabilities

The PHP development team reports:

Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7:

  • Fixed CVE-2007-1001, GD wbmp used with invalid image size
  • Fixed asciiz byte truncation inside mail()
  • Fixed a bug in mb_parse_str() that can be used to activate register_globals
  • Fixed unallocated memory access/double free in array_user_key_compare()
  • Fixed a double free inside session_regenerate_id()
  • Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers.
  • Limit nesting level of input variables with max_input_nesting_level as fix for.
  • Fixed CRLF injection inside ftp_putcmd().
  • Fixed a possible super-global overwrite inside import_request_variables().
  • Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library.

Security Enhancements and Fixes in PHP 5.2.2 only:

  • Fixed a header injection via Subject and To parameters to the mail() function
  • Fixed wrong length calculation in unserialize S type.
  • Fixed substr_compare and substr_count information leak.
  • Fixed a remotely trigger-able buffer overflow inside make_http_soap_request().
  • Fixed a buffer overflow inside user_filter_factory_create().

Security Enhancements and Fixes in PHP 4.4.7 only:

  • XSS in phpinfo()

Discovery: 2007-05-03
Entry: 2007-05-07
Modified: 2014-04-01

Affected packages:
  php5-imap, php5-odbc, php5-session, php5-shmop, php5-sqlite, php5-wddx, php5: < 5.2.2
  php4-odbc, php4-session, php4-shmop, php4-wddx, php4: < 4.4.7
  mod_php4-twig, mod_php4, mod_php5, mod_php, php4-cgi, php4-cli, php4-dtc, php4-horde, php4-nms, php5-cgi, php5-cli, php5-dtc, php5-horde, php5-nms: ge 4 lt 4.4.7; ge 5 lt 5.2.2

References:
  CVE-2007-1001
  http://www.php.net/releases/4_4_7.php
  http://www.php.net/releases/5_2_2.php