- Package name
- Advisory ID
- Affected versions
- 7.2 i586
There are two security problems with php4 as shipped in Linux-Mandrake 7.2. It is possible to specify PHP directives on a per-directory basis under Apache and a remote attacker could carefully craft an HTTP request that would cause the next page to be served with the wrong values for these directives. The second problem is that although PHP may be installed, it can be activated and deactivated on a per- directory or per-virtual host basis using the "engine=on" or "engine=off" directive. PHP can "leak" the "engine=off" setting to other virtual hosts on the same machine, effectively disabling PHP for those hosts and resulting in PHP source code being sent to the client instead of being executed on the server. These vulnerabilities are corrected in PHP 4.0.4pl1.
f54b0ce745c1903794522b04eba99576 7.2/RPMS/mod_php-4.0.4pl1-1.1mdk.i586.rpm c39a3f03e58b3234af7f95e0b1ebbb4d 7.2/RPMS/php-4.0.4pl1-1.1mdk.i586.rpm b74cd72804ec86a6287dcee0c938eb1a 7.2/RPMS/php-dba_gdbm_db2-4.0.4pl1-1.1mdk.i586.rpm d29d2c054274a98726da22c2fa2e02c6 7.2/RPMS/php-devel-4.0.4pl1-1.1mdk.i586.rpm c20961189744753ee91a6fd834a937c0 7.2/RPMS/php-gd-4.0.4pl1-1.1mdk.i586.rpm e9d3312f15355741243450c7d74872d9 7.2/RPMS/php-imap-4.0.4pl1-1.1mdk.i586.rpm a68b22849371aaf36fa8e3c1d549dbbf 7.2/RPMS/php-ldap-4.0.4pl1-1.1mdk.i586.rpm ff06eb076f3e8673b39dc5f260320ee7 7.2/RPMS/php-manual-4.0.4pl1-1.1mdk.i586.rpm 70dc4d1e9175a7ec6dfa1647e7db81ba 7.2/RPMS/php-mysql-4.0.4pl1-1.1mdk.i586.rpm 91f93f9f40b4aa44774a35af508ce17a 7.2/RPMS/php-pgsql-4.0.4pl1-1.1mdk.i586.rpm 4f67c0695fa61c1d76f1cba399441398 7.2/RPMS/php-readline-4.0.4pl1-1.1mdk.i586.rpm 81e7aae1084066990f95a82a2fd07d26 7.2/SRPMS/php-4.0.4pl1-1.1mdk.src.rpm