Ubuntu Security Notice USN-66-1

20th January, 2005

php4 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 4.10

Details

FraMe from kernelpanik.org reported that the cURL module does not
respect open_basedir restrictions. As a result, scripts which used
cURL to open files with an user-specified path could read arbitrary
local files outside of the open_basedir directory.

Stefano Di Paola discovered a vulnerability in PHP's shmop_write()
function. Its "offset" parameter was not checked for negative values,
which allowed an attacker to write arbitrary data to arbitrary memory
locations. A script which passed unchecked parameters to
shmop_write() could possibly be exploited to execute arbitrary code
with the privileges of the web server and to bypass safe mode
restrictions.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 4.10:

libapache2-mod-php4

php4-cgi

php4-curl

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

None

References

http://www.securityfocus.com/archive/1/384920, http://www.securitytracker.com/alerts/2004/Oct/1011984.html