PHP HTTP POST Incorrect MIME Header Parsing Vulnerability

Solution:
IBM has reported that the PHP version offered through the AIX Toolbox for Linux Applications is not vulnerable. Additionally, AIX is not vulnerable to this issue.

HP has released a security bulletin stating that HP9000 Servers running HP-UX releases 11.00, 11.11, 11.20, and 11.22 with the HP Apache product installed are vulnerable to this issue. Users are advised to download the following software bundles from http://www.software.hp.com/ISS_products_list.html:

hp apache-based web server v.1.3.26.03 on hp-ux 11.0 and 11i (pa-risc)
hp apache-based web server v.1.3.26.03 on hp-ux 11i version 1.5 and 1.6 (ipf)
hp apache-based web server v.2.0.39.03 on hp-ux 11.0 and 11i (pa-risc)
hp apache-based web server v.2.0.39.03 on hp-ux 11i (pa-risc) for ipv6
hp apache-based web server v.2.0.39.03 on hp-ux 11i version 1.5 and 1.6 (ipf)

Further details are available in HP Security Bulletin HPSBUX0208-207.

The vendor has also released a newer version of PHP to address this vulnerability:


PHP PHP 4.2.0

PHP PHP 4.2.1


 

Copyright 2010, SecurityFocus