Search:

February 2006

AUSCERT Advisory: AA-2006.0018 - Vulnerability in multiple PHP web applications using PHPLIB

ID: 00249
Ref: 156/06
Date: 27 February 2006:13:59:39
Version: 1

Title: AUSCERT Advisory: AA-2006.0018 - Vulnerability in multiple PHP web applications using PHPLIB
Abstract: PHPLIB is a third party PHP library used by a number of web applications such as Horde and IMP. PHPLIB versions prior to 7.4a contain a remotely exploitable input validation vulnerability.
Vendors affected: PHPLIB
Applications affected: PHPLIB

Title
=====

AUSCERT Advisory: AA-2006.0018 - Vulnerability in multiple PHP web applications
using PHPLIB

Detail
======

PHPLIB is a third party PHP library used by a number of web applications such as
Horde and IMP. PHPLIB versions prior to 7.4a contain a remotely exploitable input
validation vulnerability.

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
AA-2006.0018 AUSCERT Advisory

[Win][UNIX/Linux]
Vulnerability in multiple PHP web applications using PHPLIB
27 February 2006
- - ---------------------------------------------------------------------------

AusCERT Advisory Summary
------------------------

Product: PHPLIB 7.4 and prior
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact: Execute Arbitrary Code/Commands
Access: Remote/Unauthenticated
Member-only until: Monday, March 27 2006

OVERVIEW:

PHPLIB is a third party PHP library used by a number of web
applications such as Horde and IMP. PHPLIB versions prior to
7.4a contain a remotely exploitable input validation vulnerability. [1]

IMPACT:

A remote attacker may potentially execute arbitrary SQL statements
on the vulnerable server.

MITIGATION:

For developers using PHPLIB directly, version 7.4a has been released
fixing this vulnerability.

In some cases, organizations may not be aware that they have a web
server using the vulnerable library within their network. AusCERT
recommends that network administrators audit their networks for web
applications that use PHPLIB, and either uninstall or update them.

REFERENCES:

[1] PHPLIB 7.4a Release Notes
https://sourceforge.net/project/shownotes.php?release_id=396091&group_id=31885

[2] PHPLIB bug 1436794
https://sourceforge.net/tracker/index.php?func=detail&aid=1436794&group_id=31885&atid=403611

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================

- -----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRAKU8yh9+71yA2DNAQLS4QP8CuA7nB6EHwQu9hYYLZEkY+bh8cKzE4aF
1QKpkobGBB0BVuLKeqJnacwch8ZQ2deZjr+NFjOrpeiR0B84cV0cUbmZ40iQLq5k
61nk5XmTiL2+7EG9Z02ExjFM69mNvg+xOM6vWHw8ARC+rhAfGax4TkCLodVv9Hk/
PEypGFrvZqs=
=Qh66
- -----END PGP SIGNATURE-----