Document ID: KM02992243 (c01037883)
Release Date: 2002-03-28
Last Updated: 2007-04-26
Potential Security Impact: Remote Execution of Arbitrary Code
Source: Hewlett-Packard Company, HP Software Security Response Team
Potential Security Vulnerabilities with Compaq Secure Web Server (CSWS) using PHP and Apache mod_ssl could allow for remote execution of arbitrary code.
References: CVE Candidate PHP (CAN-2002-0081) , Apache mod_ssl (CAN-2002-0082)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
CSWS (SSRT0817) PHP (SSRT0821) Apache mod_ssl
OpenVMS V7.1-2 or later CSWS_PHP V1.0 CSWS V1.0-1, CSWS V1.1-1, CSWS V1.2
TRU64 UNIX V5.0A or later CSWS V5.5.2 CSWS V5.5.2
For a PGP signed version of this security bulletin please write to: firstname.lastname@example.org
PHP (Hypertext Preprocessor scripting language). PHP does not perform proper bounds checking on in functions related to Form-based File Uploads in HTML to decode MIME encoded files. This potential buffer overflow vulnerability may allow arbitrary code to be executed.
(SSRT0821) Apache mod_ssl
Apache/mod_ssl session cache management routines use an unchecked buffer that could potentially allow an overflow of a session cache buffer. This potential vulnerability may allow arbitrary code to be executed.
Compaq has corrected both problems and created patches that are now available for CSWS (Compaq Secure Web Server) for OpenVMS and TRU64 UNIX.
CSWS for OpenVMS V7.1-2 or later:
A Compaq Secure Web Server security update kit is available for download at:http://www.openvms.compaq.com/openvms/products/ips/apache/csws_patches.html
Installed Version - Update Kit
CSWS_PHP 1.0 update to CSWS_PHP10_UPDATE V1.0
NOTE: (SSRT0817) PHP - For OpenVMS - if upgrading is not possible or a patch cannot be applied immediately, the potential PHP overflow vulnerability may be minimized by adding the following line to MOD_PHP.CONF file: PHP_FLAG file_uploads OFF This will prevent using fileuploads, which may not be an acceptable short-term solution.
Installed Version - Update Kit
CSWS V1.2 update to CSWS12_UPDATE V1.0
CSWS V1.1-1 update to CSWS111_UPDATE V1.0
CSWS V1.0-1 update to CSWS101_UPDATE V1.0
TRU64 UNIX for V5.0a or later:
Compaq Secure Web Server security update kit is available for download at:http://tru64unix.compaq.com/internet/download.htm#sws_v582 select and install the CSWS (Compaq Secure Web Server) kit V5.8.2
Installed Version - Updated Server Kit
CSWS V5.5.2 update to CSWS V5.8.2
Revision: 0 (rev.0) - 28 March 2002 Initial release
Version: 1 (rev.1) - 16 May 2005 Reformatted
Version: 2 (rev.2) - 26 April 2007 Reformatted
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."