USN-882-1 -- php5 vulnerabilities
ID: oval:org.secpod.oval:def:700137 | Date: (C)2011-01-28 (M)2024-02-19 | Class: PATCH | Family: unix
Maksymilian Arciemowicz discovered that PHP did not properly handle the ini_restore function. An attacker could exploit this issue to obtain random memory contents or to cause the PHP server to crash, resulting in a denial of service.

It was discovered that the htmlspecialchars function did not properly handle certain character sequences, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

Stefan Esser discovered that PHP did not properly handle session data. An attacker could exploit this issue to bypass safe_mode or open_basedir restrictions.
Platform: Ubuntu 8.04 | Ubuntu 8.10 | Ubuntu 9.10 | Ubuntu 6.06 | Ubuntu 9.04