The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of PHP: memory reading with html_entity_decode

Synthesis of the vulnerability 

An attacker can obtain a memory fragment from server using a script containing html_entity_decode().
Impacted products: Fedora, Mandriva Linux, Mandriva NF, openSUSE, PHP, RHEL, RedHat Linux, SLES.
Severity of this bulletin: 1/4.
Creation date: 29/03/2006.
Références of this threat: 10310, 20060501-01-U, BID-17296, CERTA-2006-AVI-134, CERTA-2006-AVI-517, CVE-2006-1490, FLSA-2006:175040, MDKSA-2006:063, RHSA-2006:027, RHSA-2006:0276-01, SUSE-SA:2006:024, VIGILANCE-VUL-5727.

Description of the vulnerability 

The html_entity_decode() function converts HTML entities to characters. For example, " is converted to a quote.

This function does not correctly manage null character. Indeed :
  html_entity_decode("a\0bcd")
stops conversion after the first character, but returns a string of 5 characters. Supplementary characters are retrieved from current memory's content.

An attacker can therefore obtain a memory fragment from server using a script containing html_entity_decode().
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This security note impacts software or systems such as Fedora, Mandriva Linux, Mandriva NF, openSUSE, PHP, RHEL, RedHat Linux, SLES.

Our Vigil@nce team determined that the severity of this threat announce is low.

The trust level is of type confirmed by the editor, with an origin of user shell.

An attacker with a expert ability can exploit this computer weakness announce.

Solutions for this threat 

Mandriva: new php packages.
New packages are available:
 Mandriva Linux 10.2:
 ef3fa2a2d14fb8be4f3febaf83bbffa9 10.2/RPMS/libphp_common432-4.3.10-7.8.102mdk.i586.rpm
 4a883be9e264869febfdfc5cdf529a49 10.2/RPMS/php432-devel-4.3.10-7.8.102mdk.i586.rpm
 2c1627712cca538956c5f851f616d5ce 10.2/RPMS/php-cgi-4.3.10-7.8.102mdk.i586.rpm
 8c6727cf7e6eb10dabc18eab21bfb2e4 10.2/RPMS/php-cli-4.3.10-7.8.102mdk.i586.rpm
 42d36049ac84a54b170d64fb1e4bdbfc 10.2/SRPMS/php-4.3.10-7.8.102mdk.src.rpm
 Mandriva Linux 10.2/X86_64:
 0bc53707143b53de67d92e09c3f681ce x86_64/10.2/RPMS/lib64php_common432-4.3.10-7.8.102mdk.x86_64.rpm
 aa2afe3688d5467753f3b65f977cdfe2 x86_64/10.2/RPMS/php432-devel-4.3.10-7.8.102mdk.x86_64.rpm
 b69f7d7333fd59fc53f2c3cb775cb92d x86_64/10.2/RPMS/php-cgi-4.3.10-7.8.102mdk.x86_64.rpm
 9efe4691fa443904d12e05628ec32d1f x86_64/10.2/RPMS/php-cli-4.3.10-7.8.102mdk.x86_64.rpm
 42d36049ac84a54b170d64fb1e4bdbfc x86_64/10.2/SRPMS/php-4.3.10-7.8.102mdk.src.rpm
 Mandriva Linux 2006.0:
 2a7b4c48f38f0ca7ca1bfc6ee017e27b 2006.0/RPMS/libphp5_common5-5.0.4-9.4.20060mdk.i586.rpm
 2b0fe0ae0adfcea994618097ccd8f43e 2006.0/RPMS/php-cgi-5.0.4-9.4.20060mdk.i586.rpm
 6495845826ffc3963ea5fa7602413d99 2006.0/RPMS/php-cli-5.0.4-9.4.20060mdk.i586.rpm
 67e7e6ac6ffd75ebb3cfb067e16a6e90 2006.0/RPMS/php-devel-5.0.4-9.4.20060mdk.i586.rpm
 a07dfb39972947e39fc464895703e54f 2006.0/RPMS/php-fcgi-5.0.4-9.4.20060mdk.i586.rpm
 c71f42f38e21d547bc3121df180a1f9d 2006.0/SRPMS/php-5.0.4-9.4.20060mdk.src.rpm
 Mandriva Linux 2006.0/X86_64:
 c8d248402a14d3395df39d8460b2d09e x86_64/2006.0/RPMS/lib64php5_common5-5.0.4-9.4.20060mdk.x86_64.rpm
 48903c848a6b6e95e602c9167f21140b x86_64/2006.0/RPMS/php-cgi-5.0.4-9.4.20060mdk.x86_64.rpm
 cf2c3ef8f5dd6a399026777f225e61c2 x86_64/2006.0/RPMS/php-cli-5.0.4-9.4.20060mdk.x86_64.rpm
 78f44b12e62d382cdde698eddb98de7d x86_64/2006.0/RPMS/php-devel-5.0.4-9.4.20060mdk.x86_64.rpm
 e6f2546f0ad6786b235ff9d3a5037f18 x86_64/2006.0/RPMS/php-fcgi-5.0.4-9.4.20060mdk.x86_64.rpm
 c71f42f38e21d547bc3121df180a1f9d x86_64/2006.0/SRPMS/php-5.0.4-9.4.20060mdk.src.rpm
 Corporate 3.0:
 bfe7ada522d7d8c94d145d1345ea1cd2 corporate/3.0/RPMS/libphp_common432-4.3.4-4.12.C30mdk.i586.rpm
 d6e143fb483b0b491712b1f19d89d343 corporate/3.0/RPMS/php432-devel-4.3.4-4.12.C30mdk.i586.rpm
 bbc4009f6a6ae8c1c57dd19d4d835a76 corporate/3.0/RPMS/php-cgi-4.3.4-4.12.C30mdk.i586.rpm
 30559d249370d48b6620f836857d4a03 corporate/3.0/RPMS/php-cli-4.3.4-4.12.C30mdk.i586.rpm
 c2a531e21b0337d6e2e189922de96444 corporate/3.0/SRPMS/php-4.3.4-4.12.C30mdk.src.rpm
 Corporate 3.0/X86_64:
 775eb72e9367dfa3f58fbf58baecbbef x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.12.C30mdk.x86_64.rpm
 acb65ffa3867a095ec685f3c8964dc79 x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.12.C30mdk.x86_64.rpm
 7ab648313c53a521b42c5fbe861ebefe x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.12.C30mdk.x86_64.rpm
 56821179db1b9e456894a58c816f3766 x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.12.C30mdk.x86_64.rpm
 c2a531e21b0337d6e2e189922de96444 x86_64/corporate/3.0/SRPMS/php-4.3.4-4.12.C30mdk.src.rpm
 Multi Network Firewall 2.0:
 e58ffa871474e313deb349926b22cc7e mnf/2.0/RPMS/libphp_common432-4.3.4-4.12.M20mdk.i586.rpm
 0f58a032dcdb3bc45b37b67f2ce3f6bc mnf/2.0/RPMS/php432-devel-4.3.4-4.12.M20mdk.i586.rpm
 7dd0f603a0870b896c9396357dcd9efc mnf/2.0/RPMS/php-cgi-4.3.4-4.12.M20mdk.i586.rpm
 a594814232b0dfa9bdbdf2db8d9089fd mnf/2.0/RPMS/php-cli-4.3.4-4.12.M20mdk.i586.rpm
 650755a113c483af227369551a1431a3 mnf/2.0/SRPMS/php-4.3.4-4.12.M20mdk.src.rpm

Red Hat Linux, Fedora Core: new php packages.
New packages are available:
Red Hat Linux 7.3:
 SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/php-4.1.2-7.3.20.legacy.src.rpm
 i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/php*-4.1.2-7.3.20.legacy.i386.rpm
Red Hat Linux 9:
 SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/php-4.2.2-17.21.legacy.src.rpm
 i386: http://download.fedoralegacy.org/redhat/9/updates/i386/php*-4.2.2-17.21.legacy.i386.rpm
Fedora Core 1:
 SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/php-4.3.11-1.fc1.6.legacy.src.rpm
 i386: http://download.fedoralegacy.org/fedora/1/updates/i386/php*-4.3.11-1.fc1.6.legacy.i386.rpm
Fedora Core 2:
 SRPM: http://download.fedoralegacy.org/fedora/2/updates/SRPMS/php-4.3.11-1.fc2.7.legacy.src.rpm
 i386: http://download.fedoralegacy.org/fedora/2/updates/i386/php*-4.3.11-1.fc2.7.legacy.i386.rpm
Fedora Core 3:
 SRPM: http://download.fedoralegacy.org/fedora/3/updates/SRPMS/php-4.3.11-2.8.4.legacy.src.rpm
 i386: http://download.fedoralegacy.org/fedora/3/updates/i386/php*-4.3.11-2.8.4.legacy.i386.rpm
 x86_64: http://download.fedoralegacy.org/fedora/3/updates/x86_64/php*-4.3.11-2.8.4.legacy.x86_64.rpm

RHEL: new php packages.
New packages are available:
Red Hat Enterprise Linux version 3: php-4.3.2-30
Red Hat Enterprise Linux version 4: php-4.3.9-3.12

SGI ProPack: new packages.
Patch 10310 is corrected.
New packages are available:
  ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
  ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

SUSE: new php4,php5 packages.
New packages are available:
   SUSE LINUX 10.0:
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/apache2-mod_php4-4.4.0-6.10.i586.rpm
         6b6f828e6f733c9117677a3a234a6602
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/apache2-mod_php5-5.0.4-9.10.i586.rpm
         76fa73bd92c918aee8c2939a92738d91
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-4.4.0-6.10.i586.rpm
         36b6ed77eaf3e83c1a4ad0625e2073f4
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-exif-4.4.0-6.10.i586.rpm
         3a3e763d075452614969450d3b86bd98
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-fastcgi-4.4.0-6.10.i586.rpm
         fc74bb5bdb43e25f5d66f91d04ce316e
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-mbstring-4.4.0-6.10.i586.rpm
         28958c0a11482bc1d22cbbd6e848e74c
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-servlet-4.4.0-6.10.i586.rpm
         faab2290d9e7669d4a8d67beddf0e671
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-unixODBC-4.4.0-6.10.i586.rpm
         2285d7091733b3bc63d155fcaa778f6c
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-5.0.4-9.10.i586.rpm
         9acfc3c6dc0d6683b9a152a76a43b1bd
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-exif-5.0.4-9.10.i586.rpm
         ab4af84024ceb74d70e919f9d09a870b
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-fastcgi-5.0.4-9.10.i586.rpm
         969af2b2544aeff9646ba36947b862e5
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-mbstring-5.0.4-9.10.i586.rpm
         b9810d851586255c68e6b2331f34a4c3
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-pear-5.0.4-9.10.i586.rpm
         3402e2214fd4507ca9aa5c980d75bcc2
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-snmp-5.0.4-9.10.i586.rpm
         ade4990d7c6993b9c3ba5f510c5fbab7
   SUSE LINUX 9.3:
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-mod_php4-4.3.10-14.20.i586.rpm
         99ba46ea991c883808c304d07f33d249
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-mod_php5-5.0.3-14.20.i586.rpm
         0503aec4a5a82e1d9ae6192b222b290c
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mod_php4-servlet-4.3.10-14.20.i586.rpm
         47600218946ad433fb6b6a9a6afcef0c
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-4.3.10-14.20.i586.rpm
         a2a9fc17e960178d2dbf23d8265f5585
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-devel-4.3.10-14.20.i586.rpm
         418094d3b37d1c857289f931a87548fa
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-exif-4.3.10-14.20.i586.rpm
         658e23a8c0bcad516c3b3fc1be25e6d7
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-fastcgi-4.3.10-14.20.i586.rpm
         07a2a44784204b7b52bc1d53354780e1
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-mbstring-4.3.10-14.20.i586.rpm
         bff63a95a377eefeb0189c1d6f9a485b
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-pear-4.3.10-14.20.i586.rpm
         98f4b344341405fb41280dda866f9e7c
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-session-4.3.10-14.20.i586.rpm
         5f524f73d17b41c0ea3456807db527fb
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-sysvshm-4.3.10-14.20.i586.rpm
         44996581cba4c895651525549e256e5b
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-5.0.3-14.20.i586.rpm
         f80e4cf90d5bb46356990dda3ec4927b
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-devel-5.0.3-14.20.i586.rpm
         4e0d7297c74ec3b74ad714654ac317d3
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-exif-5.0.3-14.20.i586.rpm
         c570418f792f46df575ee1c8a0415873
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-fastcgi-5.0.3-14.20.i586.rpm
         ddc40c5e0157cfd67b6c716c1e140741
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-mbstring-5.0.3-14.20.i586.rpm
         4259d22f50ee8f738d00feadd58d715e
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-pear-5.0.3-14.20.i586.rpm
         a49ec3d0bf89a9923d9d880d056349b3
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-sysvmsg-5.0.3-14.20.i586.rpm
         7ef1e26d736769f55cc85383f602235b
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-sysvshm-5.0.3-14.20.i586.rpm
         1676e5b1827f3e92e2fe94f089839bce
   SUSE LINUX 9.2:
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-mod_php4-4.3.8-8.23.i586.rpm
         8b953a2e17a6ee66c6a1c6046368e5f3
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mod_php4-servlet-4.3.8-8.23.i586.rpm
         e473405f2070998d0c85ec0297bf8dc1
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-4.3.8-8.23.i586.rpm
         e2162c5888c88d822bda7f53ce596ebf
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-devel-4.3.8-8.23.i586.rpm
         795f7a60d9597395d55eea6e6f9c8da1
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-exif-4.3.8-8.23.i586.rpm
         734a256606551a24db1618988a963c46
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-fastcgi-4.3.8-8.23.i586.rpm
         8b1cc300f4b8aad99431c1c827758d31
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-mbstring-4.3.8-8.23.i586.rpm
         da17518a45eaada3b62b828920f156ae
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-pear-4.3.8-8.23.i586.rpm
         796f1b0355769a86eb38011d73db12e4
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-session-4.3.8-8.23.i586.rpm
         e1b25defbee61446c0b97738ea0a247d
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-sysvshm-4.3.8-8.23.i586.rpm
         a3c2c81cc6d824559e42fe5e2328ea96
   SUSE LINUX 9.1:
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-mod_php4-4.3.4-43.53.i586.rpm
         87f721efec2666616b2a47b4944925c5
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mod_php4-core-4.3.4-43.53.i586.rpm
         3612c8ee8d5b46bca8b8ad1d425b7390
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mod_php4-servlet-4.3.4-43.53.i586.rpm
         fe7b6eca56264f9d3d8e90b3692be7ff
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-4.3.4-43.53.i586.rpm
         f7f2111848c814cefe02eb970a1721a6
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-devel-4.3.4-43.53.i586.rpm
         5b3bd9b8e92549fd4173d1d3252f14cd
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-exif-4.3.4-43.53.i586.rpm
         82f388d3466061f88662683ec0ba1827
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-fastcgi-4.3.4-43.53.i586.rpm
         6edcf094f473d2a41c9a837ffa756d92
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-imap-4.3.4-43.53.i586.rpm
         df6780b7209a64e48a015b53bdaa547e
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-mbstring-4.3.4-43.53.i586.rpm
         f6e4492bff66b7222b331ba9e4c5146c
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-mysql-4.3.4-43.53.i586.rpm
         ce084327411ff832ad9be66055dfd018
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-pear-4.3.4-43.53.i586.rpm
         5dee77c752b7025748ed3b4d9315e334
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-recode-4.3.4-43.53.i586.rpm
         c9931577245fd8510a8e9b2f4f653485
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-servlet-4.3.4-43.53.i586.rpm
         02799222b008aa9063955163c0fbbef6
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-session-4.3.4-43.53.i586.rpm
         c002459202d21a3383bb35d8ff67b9f4
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-sysvshm-4.3.4-43.53.i586.rpm
         a2748a58b350220eee2645a8e379547c
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-wddx-4.3.4-43.53.i586.rpm
         77deabd27e0dad24378360f611bf06f8
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a computer vulnerability database. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.