Date: 16 April 2009
References: AA-2009.0066 ESB-2009.0394 ESB-2009.0422
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AA-2009.0091 AUSCERT Advisory
[Win]
PHP for Windows: Multiple Vulnerabilities
16 April 2009
- ---------------------------------------------------------------------------
AusCERT Advisory Summary
------------------------
Product: PHP
Operating System: Windows
Impact: Denial of Service
Provide Misleading Information
Access: Remote/Unauthenticated
CVE Names: CVE-2009-0789 CVE-2009-0591 CVE-2009-0590
Member content until: Thursday, May 14 2009
Ref: AA-2009.0066
OVERVIEW:
A new version of PHP for windows has been released to correct a
number of security vulnerabilities.
IMPACT:
The vendor has provided the following information regarding the
new release:
"This release focuses on fixing security flaws in the included
OpenSSL library (CVE-2009-0590, CVE-2009-0591 and CVE-2009-0789)."
[1]
The corrected CVEs are described as:
CVE-2009-0590: "The ASN1_STRING_print_ex function in OpenSSL before
0.9.8k allows remote attackers to cause a denial of service (invalid
memory access and application crash) via vectors that trigger
printing of a (1) BMPString or (2) UniversalString with an invalid
encoded length." [2]
CVE-2009-0591: "The CMS_verify function in OpenSSL 0.9.8h through
0.9.8j, when CMS is enabled, does not properly handle errors
associated with malformed signed attributes, which allows remote
attackers to repudiate a signature that originally appeared to be
valid but was actually invalid." [3]
CVE-2009-0789: "OpenSSL before 0.9.8k on WIN64 and certain other
platforms does not properly handle a malformed ASN.1 structure, which
allows remote attackers to cause a denial of service (invalid memory
access and application crash) by placing this structure in the public
key of a certificate, as demonstrated by an RSA public key." [4]
MITIGATION:
Users of PHP for Windows can correct these vulnerabilities by
downloading version 5.2.9-2 from the PHP website. [5]
REFERENCES:
[1] PHP 5.2.9-2 (Windows) released
http://www.php.net/archive/2009.php#id2009-04-08-1
[2] Vulnerability Summary for CVE-2009-0590
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0590
[3] Vulnerability Summary for CVE-2009-0591
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0591
[4] Vulnerability Summary for CVE-2009-0789
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0789
[5] PHP: Downloads
http://www.php.net/downloads.php
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFJ5n9lNVH5XJJInbgRAslVAJwIttetUEEW1/wfAwZgRQzRsfTuZwCfchfi
CMVebHhY1Vwt5IrL8uWiLRU=
=b6vc
-----END PGP SIGNATURE-----
|