Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Not Affected
Mac OS X and Mac OS X Server are shipping with PHP version 4.1.2 which does not contain the vulnerability described in this alert.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: July 22, 2002
Unknown
SOURCE: Compaq Computer Corporation, a wholly-owned subsidiary of Hewlett-Packard Company and Hewlett-Packard Company HP Services Software Security Response Team x-ref: SSRT2300 php post requests At the time of writing this document, Compaq is currently investigating the potential impact to Compaq's released Operating System software products. As further information becomes available Compaq will provide notice of the availability of any necessary patches through standard security bulletin announcements and be available from your normal HP Services supportchannel.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: July 23, 2002
Not Affected
PHP 4.2.x is not shipped with Conectiva Linux.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Not Affected
Cray, Inc. does not supply PHP on any of its systems.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Affected
Debian GNU/Linux stable aka 3.0 is not vulnerable. Debian GNU/Linux testing is not vulnerable. Debian GNU/Linux unstable is vulnerable. The problem effects PHP versions 4.2.0 and 4.2.1. Woody ships an older version of PHP (4.1.2), that doesn't contain the vulnerable function.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 23, 2002
Not Affected
F5 Networks products do not include PHP 4.2.0 or 4.2.1, and are therefore not affected by this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Affected
FreeBSD does not include any version of PHP by default, and so is not vulnerable; however, the FreeBSD Ports Collection does contain the PHP4 package. Updates to the PHP4 package are in progress and a corrected package will be available in the near future.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: July 22, 2002
Not Affected
Guardian Digital has not shipped PHP 4.2.x in any versions of EnGarde, therefore we are not believed to be vulnerable at this time.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 25, 2002
Not Affected
We have verified that this problem is not present on our distributions for HP Tru64 UNIX or HP OpenVMS products.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Not Affected
IBM is not vulnerable to the above vulnerabilities in PHP. We do supply the PHP packages for AIX through the AIX Toolbox for Linux Applications. However, these packages are at 4.0.6 and also incorporate the security patch from 2/27/2002.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Affected
Mandrake Linux does not ship with PHP version 4.2.x and as such is not vulnerable. The Mandrake Linux cooker does currently contain PHP 4.2.1 and will be updated shortly, but cooker should not be used in a production environment and no advisory will be issued.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Not Affected
Microsoft products are not affected by the issues detailed in this advisory.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Not Affected
No Netapp products are vulnerable to this.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: July 22, 2002
Affected
See http://www.php.net/release_4_2_2.php.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Not Affected
None of our commercial releases ship with vulnerable versions of PHP (4.2.0, 4.2.1).
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 24, 2002
Unknown
SGI acknowledges the PHP vulnerabilitity reported by CERT and is currently investigating. PHP does not currently ship as part of IRIX so SGI can confirm that base IRIX is not vulnerable. No further information is available at this time. For the protection of all our customers, SGI does not disclose, discuss or confirm vulnerabilities until a full investigation has occurred and any necessary patch(es) or release streams are available for all vulnerable and supported IRIX operating systems. Until SGI has more definitive information to provide, customers are encouraged to assume all security vulnerabilities as exploitable and take appropriate steps according to local site security policies and requirements. As further information becomes available, additional advisories will be issued via the normal SGI security information distribution methods including the wiretap mailing list on http://www.sgi.com/support/security/.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Not Affected
SuSE Linux is not vulnerable to this problem, as we do not ship PHP 4.2.x.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Not Affected
Caldera OpenLinux does not provide either vulnerable version (4.2.0, 4.2.1) of PHP in their products. Therefore, Caldera products are not vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: July 24, 2002
Not Affected
The TSL team states that none of the versions of the Trustix Secure Linux distribution is vulnerable to the php 4.2.{0,1} vulnerability (CA-2002-21) as none of the TSL versions is shipped with php 4.2.x.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: July 22, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 22, 2002 Updated: May 30, 2003
Not Affected
A response to this vulnerability is available from our web site: http://www.xerox.com/security.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.