
Multiple remote vulnerabilities in PHP's fileupload code


Published: 2002-02-28
Updated: 2002-02-28
Severity:
Threat level: ordinary user access privileges
Error type: boundary check error
Exploitation method: server mode

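Affected systems
PHP v3.10-v3.18, v4.0.1-v4.1.1
Description
In some PHP versions, a flaw in the handling of multipart/form-data POST requests allows a remote
attacker to execute arbitrary code on the target machine.

PHP supports multipart/form-data POST requests as described in RFC 1867, i.e. POST file
uploads, but the php_mime_split function contains several buffer overflows that allow an attacker to execute arbitrary code.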


How difficult the flaws are to exploit, by version:

   PHP 3.10-3.18

      - broken boundary check (hard to exploit)
      - arbitrary heap overflow (easily exploitable)

   PHP 4.0.1-4.0.3pl1

      - broken boundary check (hard to exploit)
      - heap off by one (easily exploitable)

   PHP 4.0.2-4.0.5

      - 2 broken boundary checks (one very easy and one hard to exploit)

   PHP 4.0.6-4.0.7RC2

      - broken boundary check (very easy to exploit)

   PHP 4.0.7RC3-4.1.1

      - broken boundary check (hard to exploit)

Test code
None yet

Solution
Download and apply the patches immediately:

PHP PHP 3.0.18:

Red Hat Upgrade php-3.0.18-8.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/php-3.0.18-8.alpha.rpm

Red Hat Upgrade php-3.0.18-8.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/php-3.0.18-8.i386.rpm

Red Hat Upgrade php-3.0.18-8.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/php-3.0.18-8.sparc.rpm

Red Hat Upgrade php-imap-3.0.18-8.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/php-imap-3.0.18-8.alpha.rpm

Red Hat Upgrade php-imap-3.0.18-8.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/php-imap-3.0.18-8.i386.rpm

Red Hat Upgrade php-imap-3.0.18-8.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/php-imap-3.0.18-8.sparc.rpm

Red Hat Upgrade php-ldap-3.0.18-8.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/php-ldap-3.0.18-8.alpha.rpm

Red Hat Upgrade php-ldap-3.0.18-8.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/php-ldap-3.0.18-8.i386.rpm

Red Hat Upgrade php-ldap-3.0.18-8.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/php-ldap-3.0.18-8.sparc.rpm

Red Hat Upgrade php-manual-3.0.18-8.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/php-manual-3.0.18-8.alpha.rpm

Red Hat Upgrade php-manual-3.0.18-8.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/php-manual-3.0.18-8.i386.rpm

Red Hat Upgrade php-manual-3.0.18-8.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/php-manual-3.0.18-8.sparc.rpm

Red Hat Upgrade php-pgsql-3.0.18-8.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/php-pgsql-3.0.18-8.alpha.rpm

Red Hat Upgrade php-pgsql-3.0.18-8.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/php-pgsql-3.0.18-8.i386.rpm

Red Hat Upgrade php-pgsql-3.0.18-8.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/php-pgsql-3.0.18-8.sparc.rpm

php.net Upgrade PHP 4.1.2
http://www.php.net/downloads.php

PHP PHP 3.0.17:

Trustix Upgrade mod_php3-3.0.18-1tr.i586.rpm
ftp://ftp.trustix.net/pub/Trustix/updates/1.2/RPMS/mod_php3-3.0.18-1tr.i586.rpm

Trustix Upgrade mod_php3-3.0.18-1tr.i586.rpm
ftp://ftp.trustix.net/pub/Trustix/updates/1.1/RPMS/mod_php3-3.0.18-1tr.i586.rpm

php.net Upgrade PHP 4.1.2
http://www.php.net/downloads.php

SuSE Upgrade mod_php-3.0.17RC1-31.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/mod_php-3.0.17RC1-31.ppc.rpm

SuSE Upgrade mod_php-3.0.17RC1-47.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/mod_php-3.0.17RC1-47.sparc.rpm

SuSE Upgrade mod_php-3.0.17RC1-54.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/mod_php-3.0.17RC1-54.i386.rpm

SuSE Upgrade mod_php-3.0.17RC1-54.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/mod_php-3.0.17RC1-54.i386.rpm

SuSE Upgrade mod_php-3.0.17RC1-65.alpha.rpm
ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/mod_php-3.0.17RC1-65.alpha.rpm

SuSE Upgrade mod_php-3.0.17RC1-65.alpha.rpm
ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/mod_php-3.0.17RC1-65.alpha.rpm

PHP PHP 3.0.16:

SuSE Upgrade mod_php-3.0.16-18.alpha.rpm
ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/mod_php-3.0.16-18.alpha.rpm

SuSE Upgrade mod_php-3.0.16-79.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/mod_php-3.0.16-79.i386.rpm

php.net Upgrade PHP 4.1.2
http://www.php.net/downloads.php

SuSE Upgrade mod_php-3.0.16-82.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/mod_php-3.0.16-82.ppc.rpm

PHP PHP 3.0.15:

php.net Upgrade PHP 4.1.2
http://www.php.net/downloads.php

PHP PHP 3.0.14:

php.net Upgrade PHP 4.1.2
http://www.php.net/downloads.php

PHP PHP 3.0.13:

php.net Upgrade PHP 4.1.2
http://www.php.net/downloads.php

PHP PHP 3.0.12:

php.net Upgrade PHP 4.1.2
http://www.php.net/downloads.php

PHP PHP 3.0.11:

php.net Upgrade PHP 4.1.2
http://www.php.net/downloads.php

PHP PHP 3.0.10:

php.net Upgrade PHP 4.1.2
http://www.php.net/downloads.php

PHP PHP 4.0.1pl2:

php.net Upgrade PHP 4.1.2
http://www.php.net/downloads.php

PHP PHP 4.0.1pl1:

php.net Upgrade PHP 4.1.2
http://www.php.net/downloads.php

PHP PHP 4.0.1:

php.net Upgrade PHP 4.1.2
http://www.php.net/downloads.php

PHP PHP 4.0.2:

php.net Upgrade PHP 4.1.2
http://www.php.net/downloads.php

PHP PHP 4.0.3pl1:

php.net Upgrade PHP 4.1.2
http://www.php.net/downloads.php

SuSE Upgrade mod_php4-4.0.3pl1-16.alpha.rpm
ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/mod_php4-4.0.3pl1-16.alpha.rpm

SuSE Upgrade mod_php4-4.0.3pl1-27.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/mod_php4-4.0.3pl1-27.i386.rpm

PHP PHP 4.0.3:

php.net Upgrade PHP 4.1.2
http://www.php.net/downloads.php

SuSE Upgrade mod_php4-4.0.3pl1-20.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/mod_php4-4.0.3pl1-20.ppc.rpm

PHP PHP 4.0.4:

php.net Upgrade PHP 4.1.2
http://www.php.net/downloads.php

SuSE Upgrade mod_php4-4.0.4pl1-44.alpha.rpm
ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/mod_php4-4.0.4pl1-44.alpha.rpm

SuSE Upgrade mod_php4-roxen-4.0.4pl1-44.alpha.rpm
ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/mod_php4-roxen-4.0.4pl1-44.alpha.rpm

SuSE Upgrade mod_php4-4.0.4pl1-44.alpha.rpm
ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/mod_php4-4.0.4pl1-44.alpha.rpm

SuSE Upgrade mod_php4-4.0.4pl1-126.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/mod_php4-4.0.4pl1-126.i386.rpm

SuSE Upgrade mod_php4-roxen-4.0.4pl1-126.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/mod_php4-roxen-4.0.4pl1-126.i386.rpm

SuSE Upgrade mod_php4-4.0.4pl1-36.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/mod_php4-4.0.4pl1-36.ppc.rpm

SuSE Upgrade mod_php4-roxen-4.0.4pl1-36.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/mod_php4-roxen-4.0.4pl1-36.ppc.rpm

SuSE Upgrade mod_php4-4.0.4pl1-126.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/mod_php4-4.0.4pl1-126.i386.rpm

SuSE Upgrade mod_php4-4.0.4pl1-36.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/mod_php4-4.0.4pl1-36.ppc.rpm

SuSE Upgrade mod_php4-4.0.4pl1-37.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n2/mod_php4-4.0.4pl1-37.sparc.rpm

SuSE Upgrade mod_php4-roxen-4.0.4pl1-37.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n2/mod_php4-roxen-4.0.4pl1-37.sparc.rpm

SuSE Upgrade mod_php4-4.0.4pl1-37.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/mod_php4-4.0.4pl1-37.sparc.rpm

PHP PHP 4.0.5:

php.net Upgrade PHP 4.1.2
http://www.php.net/downloads.php

PHP PHP 4.0.6:

php.net Upgrade PHP 4.1.2
http://www.php.net/downloads.php

Trustix Upgrade mod_php4-pgsql-4.0.6-8tr.i586.rpm
ftp://ftp.trustix.net/pub/Trustix/updates/1.5/RPMS/mod_php4-pgsql-4.0.6-8tr.i586.rpm

Red Hat Upgrade php-4.0.6-9.7.0.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/php-4.0.6-9.7.0.alpha.rpm

Red Hat Upgrade php-devel-4.0.6-9.7.0.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/php-devel-4.0.6-9.7.0.alpha.rpm

Red Hat Upgrade php-imap-4.0.6-9.7.0.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/php-imap-4.0.6-9.7.0.alpha.rpm

Red Hat Upgrade php-ldap-4.0.6-9.7.0.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/php-ldap-4.0.6-9.7.0.alpha.rpm

Red Hat Upgrade php-manual-4.0.6-9.7.0.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/php-manual-4.0.6-9.7.0.alpha.rpm

Red Hat Upgrade php-mysql-4.0.6-9.7.0.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/php-mysql-4.0.6-9.7.0.alpha.rpm

Red Hat Upgrade php-pgsql-4.0.6-9.7.0.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/php-pgsql-4.0.6-9.7.0.alpha.rpm

Red Hat Upgrade php-4.0.6-9.7.0.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/php-4.0.6-9.7.0.i386.rpm

Red Hat Upgrade php-devel-4.0.6-9.7.0.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/php-devel-4.0.6-9.7.0.i386.rpm

Red Hat Upgrade php-imap-4.0.6-9.7.0.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/php-imap-4.0.6-9.7.0.i386.rpm

Red Hat Upgrade php-ldap-4.0.6-9.7.0.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/php-ldap-4.0.6-9.7.0.i386.rpm

Red Hat Upgrade php-manual-4.0.6-9.7.0.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/php-manual-4.0.6-9.7.0.i386.rpm

Red Hat Upgrade php-mysql-4.0.6-9.7.0.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/php-mysql-4.0.6-9.7.0.i386.rpm

Red Hat Upgrade php-pgsql-4.0.6-9.7.0.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/php-pgsql-4.0.6-9.7.0.i386.rpm

Red Hat Upgrade php-4.0.6-9.7.1.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/php-4.0.6-9.7.1.alpha.rpm

Red Hat Upgrade php-devel-4.0.6-9.7.1.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/php-devel-4.0.6-9.7.1.alpha.rpm

Red Hat Upgrade php-imap-4.0.6-9.7.1.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/php-imap-4.0.6-9.7.1.alpha.rpm

Red Hat Upgrade php-ldap-4.0.6-9.7.1.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/php-ldap-4.0.6-9.7.1.alpha.rpm

Red Hat Upgrade php-manual-4.0.6-9.7.1.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/php-manual-4.0.6-9.7.1.alpha.rpm

Red Hat Upgrade php-mysql-4.0.6-9.7.1.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/php-mysql-4.0.6-9.7.1.alpha.rpm

Red Hat Upgrade php-pgsql-4.0.6-9.7.1.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/php-pgsql-4.0.6-9.7.1.alpha.rpm

Red Hat Upgrade php-4.0.6-9.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/php-4.0.6-9.7.1.i386.rpm

Red Hat Upgrade php-devel-4.0.6-9.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/php-devel-4.0.6-9.7.1.i386.rpm

Red Hat Upgrade php-imap-4.0.6-9.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/php-imap-4.0.6-9.7.1.i386.rpm

Red Hat Upgrade php-ldap-4.0.6-9.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/php-ldap-4.0.6-9.7.1.i386.rpm

Red Hat Upgrade php-manual-4.0.6-9.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/php-manual-4.0.6-9.7.1.i386.rpm

Red Hat Upgrade php-mysql-4.0.6-9.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/php-mysql-4.0.6-9.7.1.i386.rpm

Red Hat Upgrade php-pgsql-4.0.6-9.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/php-pgsql-4.0.6-9.7.1.i386.rpm

Red Hat Upgrade php-4.0.6-9.7.1.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/php-4.0.6-9.7.1.ia64.rpm

Red Hat Upgrade php-devel-4.0.6-9.7.1.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/php-devel-4.0.6-9.7.1.ia64.rpm

Red Hat Upgrade php-imap-4.0.6-9.7.1.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/php-imap-4.0.6-9.7.1.ia64.rpm

Red Hat Upgrade php-ldap-4.0.6-9.7.1.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/php-ldap-4.0.6-9.7.1.ia64.rpm

Red Hat Upgrade php-manual-4.0.6-9.7.1.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/php-manual-4.0.6-9.7.1.ia64.rpm

Red Hat Upgrade php-mysql-4.0.6-9.7.1.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/php-mysql-4.0.6-9.7.1.ia64.rpm

Red Hat Upgrade php-pgsql-4.0.6-9.7.1.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/php-pgsql-4.0.6-9.7.1.ia64.rpm

Red Hat Upgrade php-4.0.6-12.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/php-4.0.6-12.i386.rpm

Red Hat Upgrade php-devel-4.0.6-12.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/php-devel-4.0.6-12.i386.rpm

Red Hat Upgrade php-imap-4.0.6-12.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/php-imap-4.0.6-12.i386.rpm

Red Hat Upgrade php-ldap-4.0.6-12.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/php-ldap-4.0.6-12.i386.rpm

Red Hat Upgrade php-manual-4.0.6-12.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/php-manual-4.0.6-12.i386.rpm

Red Hat Upgrade php-mysql-4.0.6-12.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/php-mysql-4.0.6-12.i386.rpm

Red Hat Upgrade php-odbc-4.0.6-12.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/php-odbc-4.0.6-12.i386.rpm

Red Hat Upgrade php-pgsql-4.0.6-12.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/php-pgsql-4.0.6-12.i386.rpm

Red Hat Upgrade php-4.0.6-12.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/php-4.0.6-12.ia64.rpm

Red Hat Upgrade php-devel-4.0.6-12.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/php-devel-4.0.6-12.ia64.rpm

Red Hat Upgrade php-imap-4.0.6-12.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/php-imap-4.0.6-12.ia64.rpm

Red Hat Upgrade php-ldap-4.0.6-12.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/php-ldap-4.0.6-12.ia64.rpm

Red Hat Upgrade php-manual-4.0.6-12.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/php-manual-4.0.6-12.ia64.rpm

Red Hat Upgrade php-mysql-4.0.6-12.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/php-mysql-4.0.6-12.ia64.rpm

Red Hat Upgrade php-odbc-4.0.6-12.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/php-odbc-4.0.6-12.ia64.rpm

Red Hat Upgrade php-pgsql-4.0.6-12.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/php-pgsql-4.0.6-12.ia64.rpm

SuSE Upgrade mod_php4-core-4.0.6-148.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/mod_php4-core-4.0.6-148.i386.rpm

SuSE Upgrade mod_php4-4.0.6-148.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/mod_php4-4.0.6-148.i386.rpm

SuSE Upgrade mod_php4-servlet-4.0.6-148.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/mod_php4-servlet-4.0.6-148.i386.rpm

SuSE Upgrade mod_php4-aolserver-4.0.6-148.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n3/mod_php4-aolserver-4.0.6-148.i386.rpm

SuSE Upgrade mod_php4-core-4.0.6-147.i386.rp
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n1/mod_php4-core-4.0.6-147.i386.rp

SuSE Upgrade mod_php4-4.0.6-147.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/mod_php4-4.0.6-147.i386.rpm

SuSE Upgrade mod_php4-roxen-4.0.6-147.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/mod_php4-roxen-4.0.6-147.i386.rpm

SuSE Upgrade mod_php4-core-4.0.6-87.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n1/mod_php4-core-4.0.6-87.ppc.rpm

SuSE Upgrade mod_php4-4.0.6-87.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/mod_php4-4.0.6-87.ppc.rpm

SuSE Upgrade mod_php4-servlet-4.0.6-87.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/mod_php4-servlet-4.0.6-87.ppc.rpm

SuSE Upgrade mod_php4-aolserver-4.0.6-87.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n3/mod_php4-aolserver-4.0.6-87.ppc.rpm

SuSE Upgrade mod_php4-core-4.0.6-58.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n1/mod_php4-core-4.0.6-58.sparc.rpm

SuSE Upgrade mod_php4-4.0.6-58.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/mod_php4-4.0.6-58.sparc.rpm

SuSE Upgrade mod_php4-servlet-4.0.6-58.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/mod_php4-servlet-4.0.6-58.sparc.rpm

SuSE Upgrade mod_php4-aolserver-4.0.6-58.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n3/mod_php4-aolserver-4.0.6-58.sparc.rpm

Trustix Upgrade mod_php4-mysql-4.0.6-8tr.i586.rpm
ftp://ftp.trustix.net/pub/Trustix/updates/1.5/RPMS/mod_php4-mysql-4.0.6-8tr.i586.rpm

Trustix Upgrade mod_php4-ldap-4.0.6-8tr.i586.rpm
ftp://ftp.trustix.net/pub/Trustix/updates/1.5/RPMS/mod_php4-ldap-4.0.6-8tr.i586.rpm

Trustix Upgrade mod_php4-4.0.6-8tr.i586.rpm
ftp://ftp.trustix.net/pub/Trustix/updates/1.5/RPMS/mod_php4-4.0.6-8tr.i586.rpm

PHP PHP 4.0.7RC3:

php.net Upgrade PHP 4.1.2
http://www.php.net/downloads.php

PHP PHP 4.0.7RC2:

php.net Upgrade PHP 4.1.2
http://www.php.net/downloads.php

PHP PHP 4.0.7RC1:

php.net Upgrade PHP 4.1.2
http://www.php.net/downloads.php

PHP PHP 4.0.7:

php.net Upgrade PHP 4.1.2
http://www.php.net/downloads.php

PHP PHP 4.1:

php.net Upgrade PHP 4.1.2
http://www.php.net/downloads.php

Systems running PHP 4.0.3 or later can temporarily reduce their exposure by setting (file_uploads = Off) in the php.ini file.
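A triage check built from this advisory's affected ranges and its file_uploads workaround, as an added example that is not part of the original advisory or of PHP itself. The function names and sample inputs are hypothetical; it assumes "3.10-3.18" means 3.0.10-3.0.18 as in the patch list above, and that file_uploads is on when php.ini does not set it.

```python
import re

# Affected ranges from the advisory; "3.10-3.18" is read as 3.0.10-3.0.18
# (assumption, following the advisory's own patch list).
AFFECTED = [((3, 0, 10), (3, 0, 18)), ((4, 0, 1), (4, 1, 1))]
WORKAROUND_MIN = (4, 0, 3)   # file_uploads workaround applies from 4.0.3 on
OFF_VALUES = {"off", "0", "false", "no", "none", ""}

def parse_version(text):
    """Turn '4.0.3pl1', '4.0.7RC3' or '4.1' into a comparable 3-tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("unrecognised PHP version: %r" % text)
    return tuple(int(g or 0) for g in m.groups())

def uploads_enabled(ini_text):
    """Return False only if php.ini effectively sets file_uploads off."""
    enabled = True                       # assumption: default is on
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0]     # drop ';' comments
        key, sep, value = line.partition("=")
        if sep and key.strip() == "file_uploads":
            # last assignment wins; boolean values are case-insensitive
            enabled = value.strip().strip("\"'").lower() not in OFF_VALUES
    return enabled

def triage(version_text, ini_text):
    """Classify one host: not_affected, affected_mitigated, affected_exposed."""
    v = parse_version(version_text)
    if not any(lo <= v <= hi for lo, hi in AFFECTED):
        return "not_affected"
    if v >= WORKAROUND_MIN and not uploads_enabled(ini_text):
        return "affected_mitigated"      # still needs the upgrade to 4.1.2
    return "affected_exposed"

if __name__ == "__main__":
    # Constructed inventory: (version string, php.ini contents)
    hosts = [("4.0.6", "file_uploads = Off\n"),
             ("4.0.6", "; file_uploads = Off\n"),   # commented out: no effect
             ("3.0.18", "file_uploads = Off\n"),    # workaround needs >= 4.0.3
             ("4.1.2", "")]
    for version, ini in hosts:
        print(version, triage(version, ini))
```

A result of affected_mitigated only means the upload parser is switched off; the host still needs the patched package or PHP 4.1.2.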

Related information
Reference: http://security.e-matters.de/advisories/012002.html