Intrusion Prevention

PHP.memory.limit.Code.Execution

Description

This indicates a possible exploit of a memory corruption vulnerability in the memory_limit functionality in PHP.
This issue is caused by an error when PHP handles a memory_limit abort. It allows a remote attacker to execute arbitrary code by sending a crafted HTTP request to a PHP file.

Affected Products

Trustix Secure Linux 2.1
Trustix Secure Linux 2.0
Trustix Secure Linux 1.5
Trustix Secure Enterprise Linux 2.0
RedHat Stronghold 4.0
RedHat Fedora Core2
RedHat Fedora Core1
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux AS 3
RedHat Desktop 3.0
PHP PHP 5.0 candidate 3
PHP PHP 5.0 candidate 2
PHP PHP 5.0 candidate 1
PHP PHP 4.3.7
PHP PHP 4.3.6
PHP PHP 4.3.5
PHP PHP 4.3.3
PHP PHP 4.3.2
PHP PHP 4.3.1
PHP PHP 4.3
PHP PHP 4.2.3
PHP PHP 4.2.2
PHP PHP 4.2.1
PHP PHP 4.2 .0
PHP PHP 4.2 -dev
PHP PHP 4.1.2
PHP PHP 4.1.1
PHP PHP 4.1 .0
PHP PHP 4.0.7 RC3
PHP PHP 4.0.7 RC2
PHP PHP 4.0.7 RC1
PHP PHP 4.0.7
PHP PHP 4.0.6
PHP PHP 4.0.5
PHP PHP 4.0.4
PHP PHP 4.0.3 pl1
PHP PHP 4.0.3
PHP PHP 4.0.2
PHP PHP 4.0.1 pl2
PHP PHP 4.0.1 pl1
PHP PHP 4.0.1
PHP PHP 4.0 0
PHP PHP 3.0.18
PHP PHP 3.0.17
PHP PHP 3.0.16
PHP PHP 3.0.15
PHP PHP 3.0.14
PHP PHP 3.0.13
PHP PHP 3.0.12
PHP PHP 3.0.11
PHP PHP 3.0.10
PHP PHP 3.0.9
PHP PHP 3.0.8
PHP PHP 3.0.7
PHP PHP 3.0.6
PHP PHP 3.0.5
PHP PHP 3.0.4
PHP PHP 3.0.3
PHP PHP 3.0.2
PHP PHP 3.0.1
PHP PHP 3.0 0
PHP PHP 3.0 .16
PHP PHP 3.0 .13
PHP PHP 3.0 .12
PHP PHP 3.0 .11
PHP PHP 3.0 .10
HP OpenVMS Secure Web Server 7.3 -2
HP OpenVMS Secure Web Server 7.3 -1
HP OpenVMS Secure Web Server 7.3
HP OpenVMS Secure Web Server 7.2 -2
HP HP-UX B.11.23
HP HP-UX B.11.22
HP HP-UX B.11.11
HP HP-UX B.11.00
HP Compaq Secure Web Server for OpenVMS 2.0 PHP
HP Compaq Secure Web Server for OpenVMS 2.0
HP Compaq Secure Web Server for OpenVMS 1.3
HP Compaq Secure Web Server for OpenVMS 1.2
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya Integrated Management
Avaya Converged Communications Server 2.0
Apple Mac OS X Server 10.3.7
Apple Mac OS X Server 10.3.6
Apple Mac OS X Server 10.3.5
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.3.3
Apple Mac OS X Server 10.3.2
Apple Mac OS X Server 10.3.1
Apple Mac OS X Server 10.3
Apple Mac OS X Server 10.2.8
Apple Mac OS X Server 10.2.7
Apple Mac OS X Server 10.2.6
Apple Mac OS X Server 10.2.5
Apple Mac OS X Server 10.2.4
Apple Mac OS X Server 10.2.3
Apple Mac OS X Server 10.2.2
Apple Mac OS X Server 10.2.1
Apple Mac OS X Server 10.2
Apple Mac OS X Server 10.1.5
Apple Mac OS X Server 10.1.4
Apple Mac OS X Server 10.1.3
Apple Mac OS X Server 10.1.2
Apple Mac OS X Server 10.1.1
Apple Mac OS X Server 10.1
Apple Mac OS X Server 10.0
Apple Mac OS X 10.3.7
Apple Mac OS X 10.3.6
Apple Mac OS X 10.3.5
Apple Mac OS X 10.3.4
Apple Mac OS X 10.3.3
Apple Mac OS X 10.3.2
Apple Mac OS X 10.3.1
Apple Mac OS X 10.3
Apple Mac OS X 10.2.8
Apple Mac OS X 10.2.7
Apple Mac OS X 10.2.6
Apple Mac OS X 10.2.5
Apple Mac OS X 10.2.4
Apple Mac OS X 10.2.3
Apple Mac OS X 10.2.2
Apple Mac OS X 10.2.1
Apple Mac OS X 10.2
Apple Mac OS X 10.1.5
Apple Mac OS X 10.1.4
Apple Mac OS X 10.1.3
Apple Mac OS X 10.1.2
Apple Mac OS X 10.1.1
Apple Mac OS X 10.1
Apple Mac OS X 10.0.4
Apple Mac OS X 10.0.3
Apple Mac OS X 10.0.2
Apple Mac OS X 10.0.1
Apple Mac OS X 10.0 3
Apple Mac OS X 10.0

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Red Hat has released an advisory (FEDORA-2004-223) and fixes addressing this issue for Fedora Core 2. Please see the referenced advisory for further details regarding obtaining and applying appropriate fixes.
Red Hat has released an advisory (FEDORA-2004-222) and fixes addressing this issue for Fedora Core 1. Please see the referenced advisory for further details regarding obtaining and applying appropriate fixes.
Avaya has released an updated advisory that acknowledges this vulnerability for Avaya products. Some fixes are not currently available; customers are advised to contact the vendor for further details regarding fix availability. Please see the referenced Avaya advisory at the following location for further details:
http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=198054&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()
TinySofa Linux has released advisory TSSA-2004-013 along with fixes dealing with this issue. Please see the referenced advisory for more information.
Mandrake Linux has released advisory MDKSA-2004:068 along with fixes dealing with this and other issues. Please see the referenced advisory for more information.
Gentoo Linux has released advisory GLSA 200407-13 dealing with this and other issues. All PHP, mod_php and php-cgi users should upgrade to the latest stable version:
# emerge sync
# emerge -pv ">=dev-php/php-4.3.8"
# emerge ">=dev-php/php-4.3.8"
# emerge -pv ">=dev-php/mod_php-4.3.8"
# emerge ">=dev-php/mod_php-4.3.8"
# emerge -pv ">=dev-php/php-cgi-4.3.8"
# emerge ">=dev-php/php-cgi-4.3.8"
For more information please see the referenced Gentoo Linux advisory.
SuSE Linux has released an advisory (SUSE-SA:2004:021) along with fixes dealing with this and other issues. Please see the referenced advisory for more information.
Conectiva Linux has released an announcement (CLSA-2004:847) dealing with this and other issues. Please see the referenced advisory for more information.
Red Hat has released advisory RHSA-2004:395-10 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see the referenced advisory for additional information.
Debian has released advisory DSA 531-1 dealing with this and other issues. Please see the referenced advisory for more information.
OpenPKG has released advisory OpenPKG-SA-2004.034 dealing with this and other issues. Please see the referenced advisory for further information.
RedHat has released an advisory (RHSA-2004:405-06) to address various issues in Stronghold. Updated Stronghold 4 packages have been released. RedHat users are advised to upgrade their computers by carrying out the following command to launch the update agent service:
bin/agent
Please see the RedHat advisory in web references for more information.
Trustix Secure Linux has released advisory TSL-2004-0039 to address this, and other issues. Please see the referenced advisory for further information.
Hewlett-Packard has released advisory SSRT4777 along with a resolution dealing with this issue. Please see the referenced advisory for more information.
Hewlett-Packard has released a second advisory (SSRT4812) dealing with this issue. HP has also reported that some of their OpenVMS servers as well as their Compaq Secure Web Server are vulnerable to this issue. Please see the referenced advisory for more information.
The vendor has released an upgrade that resolves this issue.
Apple Computers has released advisory APPLE-SA-2005-01-25 along with a security update dealing with this and other issues. Please see the referenced advisory for more information.
Debian Linux has released an advisory (DSA 669-1) dealing with this issue. Please see the reference section for more information.
Red Hat has released advisory RHSA-2005:816-10 to address this issue for Red Hat Stronghold for Enterprise Linux. Please see the referenced advisory for further information on obtaining fixes.
HP HP-UX B.11.11
* HP HP-UX Apache-based Web Server v.2.0.50.00
http://software.hp.com
HP HP-UX B.11.23
* HP HP-UX Apache-based Web Server v.2.0.50.00
http://software.hp.com
HP HP-UX B.11.00
* HP HP-UX Apache-based Web Server v.2.0.50.00
http://software.hp.com
Apple Mac OS X 10.2.8
* Apple Security Update 2005-001 (Mac OS X 10.2.8 Client) 1.0
http://www.apple.com/support/downloads/securityupdate2005001macosx1028client.html
Apple Mac OS X Server 10.2.8
* Apple Security Update 2005-001 (Mac OS X 10.2.8 Server) 1.0
http://www.apple.com/support/downloads/securityupdate2005001macosx1028server.html
Apple Mac OS X Server 10.3.7
* Apple Security Update 2005-001 (Mac OS X 10.3.7 Server) 1.0
http://www.apple.com/support/downloads/securityupdate2005001macosx1037server.html
* Apple Mac OS X 10.3.8 upgrade
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=05368&platform=osx&method=sa/MacOSXUpdate10.3.8.dmg
Apple Mac OS X 10.3.7
* Apple Security Update 2005-001 (Mac OS X 10.3.7 Client) 1.0
http://www.apple.com/support/downloads/securityupdate2005001macosx1037client.html
* Apple Mac OS X 10.3.8 upgrade
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=05368&platform=osx&method=sa/MacOSXUpdate10.3.8.dmg
PHP PHP 4.0 0
* PHP PHP 4.3.8
http://www.php.net/downloads.php
PHP PHP 4.0.1
* PHP PHP 4.3.8
http://www.php.net/downloads.php
PHP PHP 4.0.1 pl2
* PHP PHP 4.3.8
http://www.php.net/downloads.php
PHP PHP 4.0.2
* PHP PHP 4.3.8
http://www.php.net/downloads.php
PHP PHP 4.0.3 pl1
* PHP PHP 4.3.8
http://www.php.net/downloads.php
PHP PHP 4.0.3
* PHP PHP 4.3.8
http://www.php.net/downloads.php
PHP PHP 4.0.5
* PHP PHP 4.3.8
http://www.php.net/downloads.php
PHP PHP 4.0.7 RC1
* PHP PHP 4.3.8
http://www.php.net/downloads.php
PHP PHP 4.0.7 RC2
* PHP PHP 4.3.8
http://www.php.net/downloads.php
PHP PHP 4.0.7
* PHP PHP 4.3.8
http://www.php.net/downloads.php
PHP PHP 4.1 .0
* PHP PHP 4.3.8
http://www.php.net/downloads.php
* SuSE mod_php4-4.1.0-317.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/mod_php4-4.1.0-317.i386.patch.rpm
* SuSE mod_php4-core-4.1.0-317.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/mod_php4-core-4.1.0-317.i386.patch.rpm
* SuSE mod_php4-servlet-4.1.0-317.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/mod_php4-servlet-4.1.0-317.i386.patch.rpm
* SuSE mod_php4-4.1.0-317.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/mod_php4-4.1.0-317.i386.rpm
* SuSE mod_php4-core-4.1.0-317.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/mod_php4-core-4.1.0-317.i386.rpm
* SuSE mod_php4-servlet-4.1.0-317.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/mod_php4-servlet-4.1.0-317.i386.rpm
PHP PHP 4.2 -dev
* PHP PHP 4.3.8
http://www.php.net/downloads.php
PHP PHP 4.2.1
* PHP PHP 4.3.8
http://www.php.net/downloads.php
PHP PHP 4.3
* PHP PHP 4.3.8
http://www.php.net/downloads.php
PHP PHP 4.3.2
* PHP PHP 4.3.8
http://www.php.net/downloads.php
PHP PHP 4.3.3
* Fedora php-4.3.8-1.1.i386.rpm
RedHat Fedora Core 1
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
* Fedora php-debuginfo-4.3.8-1.1.i386.rpm
RedHat Fedora Core 1
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
* Fedora php-devel-4.3.8-1.1.i386.rpm
RedHat Fedora Core 1
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
* Fedora php-domxml-4.3.8-1.1.i386.rpm
RedHat Fedora Core 1
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
* Fedora php-imap-4.3.8-1.1.i386.rpm
RedHat Fedora Core 1
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
* Fedora php-ldap-4.3.8-1.1.i386.rpm
RedHat Fedora Core 1
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
* Fedora php-mbstring-4.3.8-1.1.i386.rpm
RedHat Fedora Core 1
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
* Fedora php-mysql-4.3.8-1.1.i386.rpm
RedHat Fedora Core 1
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
* Fedora php-odbc-4.3.8-1.1.i386.rpm
RedHat Fedora Core 1
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
* Fedora php-pgsql-4.3.8-1.1.i386.rpm
RedHat Fedora Core 1
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
* Fedora php-snmp-4.3.8-1.1.i386.rpm
RedHat Fedora Core 1
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
* Fedora php-xmlrpc-4.3.8-1.1.i386.rpm
RedHat Fedora Core 1
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
* Mandrake lib64php_common432-4.3.3-2.1.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php
* Mandrake libphp_common432-4.3.3-2.1.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php
* Mandrake php-cgi-4.3.3-2.1.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php
* Mandrake php-cgi-4.3.3-2.1.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php
* Mandrake php-cli-4.3.3-2.1.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php
* Mandrake php-cli-4.3.3-2.1.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php
* Mandrake php432-devel-4.3.3-2.1.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php
* Mandrake php432-devel-4.3.3-2.1.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php
* PHP PHP 4.3.8
http://www.php.net/downloads.php
* SuSE mod_php4-4.3.3-177.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mod_php4-4.3.3-177.i586.patch.rpm
* SuSE mod_php4-4.3.3-177.x86_64.patch.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mod_php4-4.3.3-177.x86_64.patch.rpm
* SuSE mod_php4-core-4.3.3-177.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mod_php4-core-4.3.3-177.i586.patch.rpm
* SuSE mod_php4-core-4.3.3-177.x86_64.patch.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mod_php4-core-4.3.3-177.x86_64.patch.rpm
* SuSE mod_php4-servlet-4.3.3-177.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mod_php4-servlet-4.3.3-177.i586.patch.rpm
* SuSE mod_php4-servlet-4.3.3-177.x86_64.patch.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mod_php4-servlet-4.3.3-177.x86_64.patch.rpm
* SuSE mod_php4-4.3.3-177.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mod_php4-4.3.3-177.i586.rpm
* SuSE mod_php4-4.3.3-177.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mod_php4-4.3.3-177.x86_64.rpm
* SuSE mod_php4-core-4.3.3-177.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mod_php4-core-4.3.3-177.i586.rpm
* SuSE mod_php4-core-4.3.3-177.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mod_php4-core-4.3.3-177.x86_64.rpm
* SuSE mod_php4-servlet-4.3.3-177.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mod_php4-servlet-4.3.3-177.i586.rpm
* SuSE mod_php4-servlet-4.3.3-177.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mod_php4-servlet-4.3.3-177.x86_64.rpm
PHP PHP 4.3.5
* PHP PHP 4.3.8
http://www.php.net/downloads.php
* Trustix mod_php4-4.3.8-1tr.i586.rpm
Trustix Secure Linux 2.0
ftp://ftp.trustix.org/pub/trustix/updates/
* Trustix mod_php4-cli-4.3.8-1tr.i586.rpm
Trustix Secure Linux 2.0
ftp://ftp.trustix.org/pub/trustix/updates/
* Trustix mod_php4-devel-4.3.8-1tr.i586.rpm
Trustix Secure Linux 2.0
ftp://ftp.trustix.org/pub/trustix/updates/
* Trustix mod_php4-domxml-4.3.8-1tr.i586.rpm
Trustix Secure Linux 2.0
ftp://ftp.trustix.org/pub/trustix/updates/
* Trustix mod_php4-exif-4.3.8-1tr.i586.rpm
Trustix Secure Linux 2.0
ftp://ftp.trustix.org/pub/trustix/updates/
* Trustix mod_php4-gd-4.3.8-1tr.i586.rpm
Trustix Secure Linux 2.0
ftp://ftp.trustix.org/pub/trustix/updates/
* Trustix mod_php4-imap-4.3.8-1tr.i586.rpm
Trustix Secure Linux 2.0
ftp://ftp.trustix.org/pub/trustix/updates/
* Trustix mod_php4-ldap-4.3.8-1tr.i586.rpm
Trustix Secure Linux 2.0
ftp://ftp.trustix.org/pub/trustix/updates/
* Trustix mod_php4-mysql-4.3.8-1tr.i586.rpm
Trustix Secure Linux 2.0
ftp://ftp.trustix.org/pub/trustix/updates/
* Trustix mod_php4-pgsql-4.3.8-1tr.i586.rpm
Trustix Secure Linux 2.0
ftp://ftp.trustix.org/pub/trustix/updates/
* Trustix mod_php4-test-4.3.8-1tr.i586.rpm
Trustix Secure Linux 2.0
ftp://ftp.trustix.org/pub/trustix/updates/
PHP PHP 4.3.6
* Conectiva php4-4.3.6-63187U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/10/RPMS/php4-4.3.6-63187U10_1cl.i386.rpm
* Conectiva php4-dba-4.3.6-63187U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/10/RPMS/php4-dba-4.3.6-63187U10_1cl.i386.rpm
* Conectiva php4-devel-4.3.6-63187U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/10/RPMS/php4-devel-4.3.6-63187U10_1cl.i386.rpm
* Conectiva php4-doc-4.3.6-63187U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/10/RPMS/php4-doc-4.3.6-63187U10_1cl.i386.rpm
* Conectiva php4-doc-es-4.3.6-63187U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/10/RPMS/php4-doc-es-4.3.6-63187U10_1cl.i386.rpm
* Conectiva php4-doc-pt_BR-4.3.6-63187U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/10/RPMS/php4-doc-pt_BR-4.3.6-63187U10_1cl.i386.rpm
* Conectiva php4-imap-4.3.6-63187U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/10/RPMS/php4-imap-4.3.6-63187U10_1cl.i386.rpm
* Conectiva php4-ldap-4.3.6-63187U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/10/RPMS/php4-ldap-4.3.6-63187U10_1cl.i386.rpm
* Conectiva php4-mcrypt-4.3.6-63187U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/10/RPMS/php4-mcrypt-4.3.6-63187U10_1cl.i386.rpm
* Conectiva php4-mhash-4.3.6-63187U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/10/RPMS/php4-mhash-4.3.6-63187U10_1cl.i386.rpm
* Conectiva php4-mnogosearch-4.3.6-63187U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/10/RPMS/php4-mnogosearch-4.3.6-63187U10_1cl.i386.rpm
* Conectiva php4-mssql-4.3.6-63187U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/10/RPMS/php4-mssql-4.3.6-63187U10_1cl.i386.rpm
* Conectiva php4-mysql-4.3.6-63187U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/10/RPMS/php4-mysql-4.3.6-63187U10_1cl.i386.rpm
* Conectiva php4-odbc-4.3.6-63187U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/10/RPMS/php4-odbc-4.3.6-63187U10_1cl.i386.rpm
* Conectiva php4-pgsql-4.3.6-63187U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/10/RPMS/php4-pgsql-4.3.6-63187U10_1cl.i386.rpm
* PHP PHP 4.3.8
http://www.php.net/downloads.php
* SuSE mozilla-1.7.11-9.5.i586.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-1.7.11-9.5.i586.rpm
* SuSE mozilla-calendar-1.7.11-9.5.i586.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-calendar-1.7.11-9.5.i586.rpm
* SuSE mozilla-devel-1.7.11-9.5.i586.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-devel-1.7.11-9.5.i586.rpm
PHP PHP 5.0 candidate 1
* PHP PHP 5.0.0
http://www.php.net/downloads.php

CVE References

CVE-2004-0594