logo
DATABASE RESOURCES PRICING ABOUT US

remote code execution in php4/mod_php4

Description

PHP is a well known, widely-used scripting language often used within web server setups. Stefan Esser found a problem with the "memory_limit" handling of PHP which allows remote attackers to execute arbitrary code as the user running the PHP interpreter. This problem has been fixed. Additionally a problem within the "strip_tags" function has been found and fixed which allowed remote attackers to inject arbitrary tags into certain web browsers, issuing XSS related attacks. Since there is no easy workaround except disabling PHP, we recommend an update for users running the PHP interpreter within the apache web server.


Affected Package


OS OS Version Package Name Package Version
openSUSE 9.1 php4-mysql 4.3.4-43.11
openSUSE 9.0 mod_php4 4.3.3-177
openSUSE 8.2 mod_php4-core 4.3.1-169
openSUSE 9.0 mod_php4-servlet 4.3.3-177
openSUSE 9.1 php4 4.3.4-43.11
openSUSE 8.1 mod_php4-servlet 4.2.2-479
openSUSE 9.1 php4-imap 4.3.4-43.11
openSUSE 8.1 mod_php4-core 4.2.2-479
openSUSE 9.1 php4-servlet 4.3.4-43.11
openSUSE 9.0 mod_php4-servlet 4.3.3-177
openSUSE 9.1 php4-session 4.3.4-43.11
openSUSE 9.1 php4-wddx 4.3.4-43.11
openSUSE 8.0 mod_php4-core 4.1.0-317
openSUSE 9.0 mod_php4 4.3.3-177
openSUSE 8.0 mod_php4 4.1.0-317
openSUSE 9.1 php4-session 4.3.4-43.11
openSUSE 9.1 php4-wddx 4.3.4-43.11
openSUSE 8.1 mod_php4 4.2.2-479
openSUSE 9.1 php4-mysql 4.3.4-43.11
openSUSE 9.1 php4 4.3.4-43.11
openSUSE 9.1 php4-servlet 4.3.4-43.11
openSUSE 9.0 mod_php4-core 4.3.3-177
openSUSE 9.1 php4-imap 4.3.4-43.11
openSUSE 9.0 mod_php4-core 4.3.3-177
openSUSE 8.2 mod_php4 4.3.1-169
openSUSE 8.0 mod_php4-servlet 4.1.0-317

Related