This week has been a particularly busy one for IT professionals with Java and Microsoft updates. While those updates were mostly client side patches, server administrators aren't off the hook. The Ruby on Rails framework and PHP language both issued security updates this week addressing multiple vulnerabilities.
PHP 5.4.4 and PHP 5.3.14
PHP is a widely deployed open source language on web servers. According to a recent survey by w3techs, PHP is used by 78 percent of known websites, including major Internet properties like Facebook, Wikipedia and Wordpress.com
A Red Hat bugzilla report on the flaw by developer Jan Lieskovsky, notes that the flaw was found in the way DES and extended DES based crypt() password encryption function performed encryption of certain keys. The flaw is that certain keys were truncated before being DES digested, which could potentially have enabled an authentication bypass.
The second flaw identified as CVE-2012-2386, is a vulnerability within the PHP phar extension. Phar enables entire PHP applications to be placed into a PHP Archive (phar) file.
"The vulnerability is caused due to an integer overflow error within the phar extension in the "phar_parse_tarfile()" function (ext/phar/tar.c) and can be exploited to cause a heap-based buffer overflow via a specially crafted TAR file," Security firm Secunia stated in its advisory.
Secunia warned that successful exploitation of the Phar vulnerability may allow execution of arbitrary code.
Ruby on Rails
Ruby on Rails (Rails) is a popular open source web framework, that powers many popular sites, including Github. Githubwas exposed as being at risk in March due to Rails vulnerability that has since been patched.
Rails 3.2.6 is now being patched for a pair of new vulnerabilities that could leave users at risk. CVE-2012-2694 details a Ruby on Rails Unsafe Query Generation Risk in Ruby on Rails risk while CVE-2012-2695 defines a Ruby on Rails SQL Injection vulnerability.
"Input passed to the Active Record interface via nested query parameters is not properly sanitised before being used in SQL queries," Secunia wrote in its advisory. "This can be exploited to manipulate SQL queries by injecting arbitrary SQL code."