
Vulnerability of PHP: denial of service via hash collision

Synthesis of the vulnerability 

An attacker can send request data that generates hash-table collisions, in order to overload a service.
Impacted products: CheckPoint Endpoint Security, CheckPoint Security Gateway, Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, Mandriva Linux, openSUSE, PHP, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity of this bulletin: 3/4.
Creation date: 22/02/2012.
References for this threat: BID-51193, c03183543, CERTA-2011-AVI-728, CVE-2011-4885, DSA-2399-1, DSA-2399-2, FEDORA-2012-0420, FEDORA-2012-0504, HPSBUX02741, MDVSA-2011:197, MDVSA-2012:071, n.runs-SA-2011.004, oCERT-2011-003, openSUSE-SU-2012:0426-1, RHSA-2012:0019-01, RHSA-2012:0033-01, RHSA-2012:0071-01, sk66350, SOL13588, SSRT100728, SUSE-SU-2012:0411-1, SUSE-SU-2012:0496-1, VIGILANCE-VUL-11379.

Description of the vulnerability 

The bulletin VIGILANCE-VUL-11254 describes a vulnerability which can be used to create a denial of service on several applications.

This vulnerability impacts PHP.

Because VIGILANCE-VUL-11254 had grown too large, the PHP-specific solutions were moved to this bulletin.

This computer threat bulletin impacts software or systems such as CheckPoint Endpoint Security, CheckPoint Security Gateway, Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, Mandriva Linux, openSUSE, PHP, RHEL, SUSE Linux Enterprise Desktop, SLES.

Our Vigil@nce team determined that the severity of this security threat is important.

The trust level is "confirmed by the editor", and the attack origin is "internet client".

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level skill can exploit this vulnerability.

Solutions for this threat 

PHP: version 5.3.9.
Version 5.3.9 is fixed:
  http://www.php.net/downloads.php
It is recommended to install the solution VIGILANCE-SOL-25319.

PHP: patch for hash collision.
A patch is available:
  http://svn.php.net/viewvc?view=revision&revision=321003
  http://svn.php.net/viewvc?view=revision&revision=321040

PHP: workaround for hash collision.
A workaround is to limit:
 - the execution time via max_input_time
 - the maximal number of parameters (via Suhosin suhosin.post.max_vars or suhosin.request.max_vars)
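The workaround above in php.ini form, as an added illustration that is not part of the bulletin: the unbounded setting is shown beside the bounded one. The max_input_vars directive is not named in the bulletin; it is the per-request variable cap that PHP 5.3.9 (the fixed version listed above) introduced, and the Suhosin lines only take effect when that extension is loaded.

```ini
; php.ini fragment (constructed example, not from the bulletin)

; --- Before: no bound on the work a single request can cause ---
; -1 means "no limit" on the time spent parsing GET/POST data, and there is
; no cap on the number of variables, so a request whose keys all collide in
; the parameter hash table keeps the CPU busy for as long as it takes.
max_input_time = -1

; --- After: bound request parsing ---
; Give up parsing request input after 30 seconds.
max_input_time = 30

; PHP >= 5.3.9: cap the number of GET/POST/COOKIE variables accepted per
; request (not named in the bulletin; 1000 is PHP's own default).
max_input_vars = 1000

; Equivalent caps via the Suhosin extension, as named in the bulletin.
suhosin.post.max_vars = 1000
suhosin.request.max_vars = 1000
```

Confirm the effective values after a restart with `php -i | grep -i max_input`; if the Suhosin directives are absent from the output, the extension is not loaded and those two lines do nothing.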

Check Point Security Gateway, Endpoint Security: patch for hash collision.
A patch is available for Security Gateway and Connectra:
  https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.DCFileAction&eventSubmit_doGetdcdetails=&fileid=13554
For Endpoint Security Server, execute:
  cpstop
  cd %uepmdir%\engine\conf
  copy server.xml server.xml.bak
  remove the following line from server.xml: <Context docBase="WRH" path="/webrh" reloadable="false"/>
  cpstart

Debian: new php5 packages.
New packages are available:
  php5 5.2.6.dfsg.1-1+lenny15
  php5 5.3.3-7+squeeze6

F5 BIG-IP: workaround for PHP.
A workaround is to filter the access to the web administration interface.

Fedora: new maniadrive packages.
New packages are available:
  maniadrive-1.2-32.fc15.1
  maniadrive-1.2-32.fc16.1

Fedora: new php-eaccelerator packages.
New packages are available:
  php-eaccelerator-0.9.6.1-9.fc15.1
  php-eaccelerator-0.9.6.1-9.fc16.1

Fedora: new php packages.
New packages are available:
  php-5.3.9-1.fc15
  php-5.3.9-1.fc16

HP-UX Web Server Suite: version 3.22.
Version 3.22 is fixed:
  https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW322

Mandriva ES 5: new php packages.
New packages are available:
  php-3.1.10-0.1mdvmes5.2

Mandriva: new php packages.
New packages are available:
  php-5.3.8-0.3mdv2010.2
  php-5.3.8-1.2-mdv2011.0

openSUSE 12.1: new php5 packages.
New packages are available:
  php5-5.3.8-4.9.2

RHEL 4: new php packages.
New packages are available:
  php-4.3.9-3.35

RHEL 5, 6: new php packages.
New packages are available:
  php53-5.3.3-1.el5_7.5
  php-5.3.3-3.el6_2.5

RHEL 5: new php packages.
New packages are available:
  php-5.1.6-27.el5_7.4

SUSE LE 10: new php5 packages.
New packages are available:
  php5-5.2.14-0.26.3

SUSE LE 11: new php5 packages.
New packages are available:
  php5-5.2.14-0.7.30.34.1