Description: nst has reported a vulnerability in phpWebSite, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the uploading of images when submitting an announcement. This can be exploited to upload arbitrary PHP scripts to a directory inside the web root. The vulnerability has been reported in version 0.10.0 and prior. Solution: Edit the source code to ensure that the filenames of uploaded images are properly verified.
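The advisory's fix is to verify uploaded image filenames before anything lands in the web root. The following is an added example (not phpWebSite's patch or its code) of the kind of check that closes the hole described above: it strips path components, rejects NUL bytes and double extensions such as `x.php.jpg`, allowlists image extensions, confirms the file content starts with the magic bytes of the declared type, and then discards the user-supplied name in favour of a server-generated one. The filenames and byte strings in `main()` are constructed test inputs, and `ALLOWED_EXTENSIONS` and the magic-byte table are assumptions for the example.

```python
import os
import re
import secrets
from typing import Optional, Tuple

# Constructed allowlist for this example: only these extensions may be stored.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "gif", "png"}

# Leading byte signatures of the allowed formats (standard values, assumed here).
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
}

# The stem may contain only letters, digits, underscore and dash.
SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def validate_upload(filename: str, content: bytes) -> Tuple[bool, str]:
    """Return (ok, reason); ok is True only when every check passes."""
    # Embedded NUL bytes could truncate the name in C-level file functions.
    if "\x00" in filename:
        return False, "NUL byte in filename"
    # Any directory component (including traversal) means the name is rejected,
    # not silently cleaned.
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or base in ("", ".", ".."):
        return False, "path separators or empty name"
    # Require exactly stem.ext so that 'shell.php.jpg' cannot get through.
    parts = base.split(".")
    if len(parts) != 2:
        return False, "filename must be stem.ext with a single dot"
    stem, ext = parts
    ext = ext.lower()
    if not SAFE_STEM.match(stem):
        return False, "stem contains disallowed characters"
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension .{ext} not allowed"
    # The declared type must agree with the bytes actually uploaded.
    if not any(content.startswith(sig) for sig in MAGIC[ext]):
        return False, "content does not match the declared image type"
    return True, "ok"


def storage_name(filename: str, content: bytes) -> Optional[str]:
    """Return a server-chosen name for a valid upload, or None if rejected.

    The user-supplied stem is never reused: only the validated extension is.
    """
    ok, _ = validate_upload(filename, content)
    if not ok:
        return None
    ext = filename.rsplit(".", 1)[1].lower()
    return f"{secrets.token_hex(16)}.{ext}"


def main() -> None:
    # Constructed inputs: a real-looking JPEG header and several hostile names.
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16
    php = b"<?php echo 1; ?>"
    cases = [
        ("photo.jpg", jpeg),
        ("shell.php", php),
        ("shell.php.jpg", jpeg),
        ("shell.jpg", php),
        ("../../shell.png", jpeg),
        ("pic.jpg\x00.php", jpeg),
    ]
    for name, data in cases:
        ok, reason = validate_upload(name, data)
        print(f"{name!r:24} -> {'accept' if ok else 'reject'} ({reason})")


if __name__ == "__main__":
    main()
```

Only `photo.jpg` with JPEG bytes is accepted; every other case is refused with a reason that can be logged, and the stored file gets a random name so the client never chooses what sits in the web root.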
From Upstream @ http://phpwebsite.appstate.edu/ "This is a more serious issue than we thought. We recommend you disable your announcement module immediately. We are working on a fix."
If you are running phpWebSite, please disable all user uploading of images. Any and all image uploading is vulnerable. Wendall
An official patch is now available from: http://phpwebsite.appstate.edu/downloads/security/phpws_image_secure_patch.tgz
www-apps/phpwebsite-0.10.0-r1 is in portage, stable in x86. Other arches please mark stable ASAP.
So I've been trying to test this out, but each time I set up phpwebsite and attempt to go to the main URL, I get nothing in the web browser. A search of the apache logs shows the following (about 2 errors per 1 request of the URL): Allowed memory size of 8388608 bytes exhausted (tried to allocate 0 bytes) Allowed memory size of 8388608 bytes exhausted (tried to allocate 0 bytes) Some quick googling didn't really show anything useful. Anyone have any ideas?
Stable on alpha.
weeve: maybe it's something similar to the problem described here: http://www.squirrelmail.org/wiki/en_US/LowMemoryProblem ppc: please test and mark stable ASAP. Setting to A since it's easily exploitable and victims can be searched with Google.
An additional patch was released, and I've added it on www-apps/phpwebsite-0.10.0-r2. 0.10.0-r1 is obsolete, all ARCHes please test -r2.
Jason, phpWebSite is kind of a memory hog. This has been resolved for our future 1.0 release. For now, if you run a lot of modules, you'll have to bump your memory limit up to say 10M or 12M. Wendall
rizzo: is the new patch a necessary patch for security, or for stability?
This new patch fixes a different issue... see <http://phpwebsite.appstate.edu/index.php?module=announce&ANN_id=922&ANN_user_op=view> The BugTraq mail they refer to seems to be <http://www.securityfocus.com/archive/1/391525/2005-02-25/2005-03-03/0> I believe.
Stable on ppc.
Somewhere between 12M and 20M was the magic number here. Stable on SPARC.
alpha: please test and mark stable. rizzo: please mark -r2 stable for x86 if you can.
Marked x86-stable by rizzo, ready for GLSA
GLSA 200503-04