PHP import_request_variables() Function Superglobals Variable Overwrite

2007-03-08T23:41:13
ID OSVDB:34673
Type osvdb
Reporter OSVDB
Modified 2007-03-08T23:41:13

Description

Vulnerability Description

PHP contains a flaw that may allow remote attackers to obscure the origin of their actions. The issue occurs when the import_request_variables function is called without a prefix which does not prevent HTTP related superglobal variables (GET, POST, COOKIE, FILES, SERVER and SESSION) from being overwritten. This may allow an attacker to spoof their source IP address or manipulate the HTTP Referer field.

Solution Description

Upgrade to version 4.4.7, 5.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

PHP contains a flaw that may allow remote attackers to obscure the origin of their actions. The issue occurs when the import_request_variables function is called without a prefix which does not prevent HTTP related superglobal variables (GET, POST, COOKIE, FILES, SERVER and SESSION) from being overwritten. This may allow an attacker to spoof their source IP address or manipulate the HTTP Referer field.

References:

Vendor URL: http://www.php.net/ Vendor Specific News/Changelog Entry: http://us2.php.net/releases/4_4_7.php Vendor Specific News/Changelog Entry: http://us2.php.net/releases/5_2_2.php Secunia Advisory ID:26048 Secunia Advisory ID:25816 Other Advisory URL: http://www.wisec.it/vulns.php?id=10 Other Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html Other Advisory URL: http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=http--supportnovellcom-techcenter-psdb-3e349d7efffdfecc96ca44f446d1b2c4html&sliceId=&dialogID=38853114&stateId=0%200%2038851668 Other Advisory URL: http://www.wisec.it/vuln_10.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0103.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0129.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0038.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0051.html CVE-2007-1396 Bugtraq ID: 22886