• info
• discussion
• exploit
• solution
• references

PHP4 Readfile Denial Of Service Vulnerability

Solution:
SuSE has released Security Summary Report SUSE-SR:2005:006 to address this and other issues. Please see the referenced advisory for details on obtaining and applying fixes.


PHP PHP 4.3.3

• SuSE apache2-mod_php4-4.3.3-185.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-mod_php4- 4.3.3-185.i586.rpm


• SuSE apache2-mod_php4-4.3.3-185.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-mod_p hp4-4.3.3-185.x86_64.rpm


• SuSE mod_php4-4.3.3-185.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mod_php4-4.3.3-18 5.i586.rpm


• SuSE mod_php4-4.3.3-185.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mod_php4-4.3. 3-185.x86_64.rpm


• SuSE mod_php4-aolserver-4.3.3-185.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mod_php4-aolserve r-4.3.3-185.i586.rpm


• SuSE mod_php4-aolserver-4.3.3-185.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mod_php4-aols erver-4.3.3-185.x86_64.rpm


• SuSE mod_php4-core-4.3.3-185.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mod_php4-core-4.3 .3-185.i586.rpm


• SuSE mod_php4-core-4.3.3-185.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mod_php4-core -4.3.3-185.x86_64.rpm


• SuSE mod_php4-servlet-4.3.3-185.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mod_php4-servlet- 4.3.3-185.i586.rpm


• SuSE mod_php4-servlet-4.3.3-185.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mod_php4-serv let-4.3.3-185.x86_64.rpm

PHP PHP 4.3.4

• SuSE apache2-mod_php4-4.3.4-43.25.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-mod_php4- 4.3.4-43.25.i586.rpm


• SuSE apache2-mod_php4-4.3.4-43.25.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-mod_p hp4-4.3.4-43.25.x86_64.rpm


• SuSE mod_php4-core-4.3.4-43.25.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mod_php4-core-4.3 .4-43.25.i586.rpm


• SuSE mod_php4-core-4.3.4-43.25.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mod_php4-core -4.3.4-43.25.x86_64.rpm


• SuSE mod_php4-servlet-4.3.4-43.25.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mod_php4-servlet- 4.3.4-43.25.i586.rpm


• SuSE mod_php4-servlet-4.3.4-43.25.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mod_php4-serv let-4.3.4-43.25.x86_64.rpm


• SuSE php4-4.3.4-43.25.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-4.3.4-43.25. i586.rpm


• SuSE php4-4.3.4-43.25.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-4.3.4-43 .25.x86_64.rpm


• SuSE php4-imap-4.3.4-43.25.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-imap-4.3.4-4 3.25.i586.rpm


• SuSE php4-imap-4.3.4-43.25.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-imap-4.3 .4-43.25.x86_64.rpm


• SuSE php4-mysql-4.3.4-43.25.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-mysql-4.3.4- 43.25.i586.rpm


• SuSE php4-mysql-4.3.4-43.25.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-mysql-4. 3.4-43.25.x86_64.rpm


• SuSE php4-recode-4.3.4-43.25.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-recode-4.3.4 -43.25.i586.rpm


• SuSE php4-recode-4.3.4-43.25.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-recode-4 .3.4-43.25.x86_64.rpm


• SuSE php4-servlet-4.3.4-43.25.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-servlet-4.3. 4-43.25.i586.rpm


• SuSE php4-servlet-4.3.4-43.25.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-servlet- 4.3.4-43.25.x86_64.rpm


• SuSE php4-session-4.3.4-43.25.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-session-4.3. 4-43.25.i586.rpm


• SuSE php4-session-4.3.4-43.25.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-session- 4.3.4-43.25.x86_64.rpm


• SuSE php4-wddx-4.3.4-43.25.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-wddx-4.3.4-4 3.25.i586.rpm


• SuSE php4-wddx-4.3.4-43.25.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-wddx-4.3 .4-43.25.x86_64.rpm