BID:2205 - PHP Engine Disable Source Viewing Vulnerability

PHP Engine Disable Source Viewing Vulnerability

BID:2205

Info

PHP Engine Disable Source Viewing Vulnerability

Bugtraq ID:	2205
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 12 2001 12:00AM
Updated:	Jan 12 2001 12:00AM
Credit:	This vulnerablility was first announced by Zeev Suraski <[email protected]> in an advisory posted to Bugtraq on January 12, 2001.
Vulnerable:	PHP PHP 4.0.4 + Compaq Compaq Secure Web Server PHP 1.0 + Guardian Digital Engarde Secure Linux 1.0.1 + SuSE Linux 7.2 + SuSE Linux 7.1 x86 + SuSE Linux 7.1 sparc + SuSE Linux 7.1 ppc + SuSE Linux 7.1 alpha + SuSE Linux 7.1 + SuSE Linux 7.0 sparc + SuSE Linux 7.0 ppc + SuSE Linux 7.0 i386 + SuSE Linux 7.0 alpha + SuSE Linux 7.0 PHP PHP 4.0.3 + Debian Linux 2.2 sparc + Debian Linux 2.2 powerpc + Debian Linux 2.2 IA-32 + Debian Linux 2.2 arm + Debian Linux 2.2 alpha + Debian Linux 2.2 68k + Debian Linux 2.2 + Sun Cobalt Control Station 4100CS + Sun Cobalt Qube3 Japanese 4000WGJ + Sun Cobalt Qube3 Japanese w/ Caching and RAID 4100WGJ + Sun Cobalt Qube3 Japanese w/Caching 4010WGJ + Sun Cobalt RaQ XTR 3500R + Sun Cobalt RaQ XTR Japanese 3500R-ja PHP PHP 4.0.1 + Sun Cobalt Qube3 4000WG + Sun Cobalt Qube3 w/ Caching and RAID 4100WG + Sun Cobalt Qube3 w/Caching 4010WG + Sun Cobalt RaQ4 3001R + Sun Cobalt RaQ4 Japanese RAID 3100R-ja + Sun Cobalt RaQ4 RAID 3100R PHP PHP 4.0 0 Mandriva Linux Mandrake 7.2

Not Vulnerable:

Solution / Fix

PHP Engine Disable Source Viewing Vulnerability

Solution:
Upgrades available:

PHP PHP 4.0 0

PHP php-4.0.4pl1.tar.gz
http://www.php.net/do_download.php?download_file=php-4.0.4pl1.tar.gz&s ource_site=www.php.net

PHP PHP 4.0.1

PHP php-4.0.4pl1.tar.gz
http://www.php.net/do_download.php?download_file=php-4.0.4pl1.tar.gz&s ource_site=www.php.net

PHP PHP 4.0.3

PHP php-4.0.4pl1.tar.gz
http://www.php.net/do_download.php?download_file=php-4.0.4pl1.tar.gz&s ource_site=www.php.net

PHP PHP 4.0.4

PHP php-4.0.4pl1.tar.gz
http://www.php.net/do_download.php?download_file=php-4.0.4pl1.tar.gz&s ource_site=www.php.net

Mandriva Linux Mandrake 7.2

MandrakeSoft 7.2 i386 mod_php-4.0.4pl1-1.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/ mod_php-4.0.4pl1-1.1mdk.i586.rpm

MandrakeSoft 7.2 i386 php-4.0.4pl1-1.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/ php-4.0.4pl1-1.1mdk.i586.rpm

MandrakeSoft 7.2 i386 php-dba_gdbm_db2-4.0.4pl1-1.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/ php-dba_gdbm_db2-4.0.4pl1-1.1mdk.i586.rpm

MandrakeSoft 7.2 i386 php-devel-4.0.4pl1-1.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/ php-devel-4.0.4pl1-1.1mdk.i586.rpm

MandrakeSoft 7.2 i386 php-gd-4.0.4pl1-1.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/ php-gd-4.0.4pl1-1.1mdk.i586.rpm

MandrakeSoft 7.2 i386 php-imap-4.0.4pl1-1.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/ php-imap-4.0.4pl1-1.1mdk.i586.rpm

MandrakeSoft 7.2 i386 php-ldap-4.0.4pl1-1.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/ php-ldap-4.0.4pl1-1.1mdk.i586.rpm

MandrakeSoft 7.2 i386 php-manual-4.0.4pl1-1.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/ php-manual-4.0.4pl1-1.1mdk.i586.rpm

MandrakeSoft 7.2 i386 php-mysql-4.0.4pl1-1.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/ php-mysql-4.0.4pl1-1.1mdk.i586.rpm

MandrakeSoft 7.2 i386 php-pgsql-4.0.4pl1-1.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/ php-pgsql-4.0.4pl1-1.1mdk.i586.rpm

MandrakeSoft 7.2 i386 php-readline-4.0.4pl1-1.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/ php-readline-4.0.4pl1-1.1mdk.i586.rpm

References

PHP Engine Disable Source Viewing Vulnerability

References: