Advisories ยป MGASA-2014-0434

Updated php-ZendFramework packages fix security vulnerabilities

Publication date: 29 Oct 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-8088 , CVE-2014-8089

Description

Due to a bug in PHP's LDAP extension, when ZendFramework's Zend_ldap class is
used for logins, an attacker can login as any user by using a null byte to
bypass the empty password check and perform an unauthenticated LDAP bind
(CVE-2014-8088).

The sqlsrv PHP extension, which provides the ability to connect to Microsoft
SQL Server from PHP, does not provide a built-in quoting mechanism for
manually quoting values to pass via SQL queries; developers are encouraged to
use prepared statements. Zend Framework provides quoting mechanisms via
Zend_Db_Adapter_Sqlsrv which uses the recommended "double single quote" ('')
as quoting delimiters. SQL Server treats null bytes in a query as a string
terminator, allowing an attacker to add arbitrary SQL following a null byte,
and thus create a SQL injection (CVE-2014-8089).
                

References

SRPMS

4/core

3/core