=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2005/VULN741
_____________________________________________________________________

DATE                      : 30/11/2005

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running PHP 5.1.0 and prior.

======================================================================

===========================================================================

             PHP 5.1.1 released fixing multiple vulnerabilities
                              28 November 2005
- - ---------------------------------------------------------------------------



Product:           PHP 5.1.0 and prior
Operating System:  Linux variants
                    UNIX variants
                    Windows
                    Mac OS X
Impact:            Execute Arbitrary Code/Commands
                    Denial of Service
                    Cross-site Scripting
                    Inappropriate Access
Access:            Remote/Unauthenticated

Ref:               CAN-2005-2491

Original Bulletin: http://news.php.net/php.announce/58

OVERVIEW:

         PHP 5.1.0 and prior contain multiple vulnerabilities which may allow
         arbitrary code execution or denial of service attacks. The PHP
         Development Team have released an advisory [1] regarding these
         vulnerabilities. For full details of all changes in PHP 5.1.1, please
         refer to the PHP change log [2].


IMPACT:

         1. Execute Arbitrary Code

         Integer overflows in pcre_compile.c allows attackers to overflow heap
         buffers via quantifier values in regular expressions, potentially
         leading to the execution of arbitrary code.


         2. Denial of Service

         Multiple vulnerabilities exist which allow memory corruption
         potentially leading to a denial of service condition. For more
         information, see the PHP change log [2].


         3. Cross-site scripting

         A Cross-site scripting vulnerability exists in the phpinfo() function
         which may lead to information disclosure.


         4. Inappropriate Access

         Multiple vulnerable functions exist which allow modification of
         configuration directives or variables.  For full details, please refer
         to the PHP change log [2].


MITIGATION:

         It is recommended that users of earlier versions of PHP, including
         those running beta versions of PHP 5.1.0, upgrade to version 5.1.1.


REFERENCES:

[1] http://news.php.net/php.announce/58
[2] http://www.php.net/ChangeLog-5.php#5.1.1


===========================================================================

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================