3Com Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Alcatel Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Apple Computer Inc. Not Affected

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Not Affected

Vendor Statement

Mac OS X and Mac OS X Server are shipping with PHP version 4.1.2 which does not contain the vulnerability described in this alert.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

AT&T Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

BSDI Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Cisco Systems Inc. Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Compaq Computer Corporation Unknown

Updated:  July 22, 2002

Status

Unknown

Vendor Statement

SOURCE: Compaq Computer Corporation, a wholly-owned subsidiary of Hewlett-Packard Company and Hewlett-Packard Company HP Services Software Security Response Team x-ref: SSRT2300 php post requests At the time of writing this document, Compaq is currently investigating the potential impact to Compaq's released Operating System software products. As further information becomes available Compaq will provide notice of the availability of any necessary patches through standard security bulletin announcements and be available from your normal HP Services support channel.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Computer Associates Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Conectiva Not Affected

Updated:  July 23, 2002

Status

Not Affected

Vendor Statement

PHP 4.2.x is not shipped with Conectiva Linux.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Cray Inc. Not Affected

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Not Affected

Vendor Statement

Cray, Inc. does not supply PHP on any of its systems.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Data General Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Debian Affected

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Affected

Vendor Statement

Debian GNU/Linux stable aka 3.0 is not vulnerable. Debian GNU/Linux testing is not vulnerable. Debian GNU/Linux unstable is vulnerable. The problem affects PHP versions 4.2.0 and 4.2.1. Woody ships an older version of PHP (4.1.2) that doesn't contain the vulnerable function.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

F5 Networks Not Affected

Notified:  July 22, 2002 Updated: July 23, 2002

Status

Not Affected

Vendor Statement

F5 Networks products do not include PHP 4.2.0 or 4.2.1, and are therefore not affected by this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

FreeBSD Affected

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Affected

Vendor Statement

FreeBSD does not include any version of PHP by default, and so is not vulnerable; however, the FreeBSD Ports Collection does contain the PHP4 package. Updates to the PHP4 package are in progress and a corrected package will be available in the near future.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Fujitsu Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Guardian Digital Inc. Not Affected

Updated:  July 22, 2002

Status

Not Affected

Vendor Statement

Guardian Digital has not shipped PHP 4.2.x in any versions of EnGarde, therefore we are not believed to be vulnerable at this time.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Guardian Digital Inc. Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Hewlett-Packard Company Not Affected

Notified:  July 22, 2002 Updated: July 25, 2002

Status

Not Affected

Vendor Statement

We have verified that this problem is not present on our distributions for HP Tru64 UNIX or HP OpenVMS products.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

IBM Not Affected

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Not Affected

Vendor Statement

IBM is not vulnerable to the above vulnerabilities in PHP. We do supply the PHP packages for AIX through the AIX Toolbox for Linux Applications. However, these packages are at 4.0.6 and also incorporate the security patch from 2/27/2002.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Intel Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Juniper Networks Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lachman Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lotus Software Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lucent Technologies Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MandrakeSoft Affected

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Affected

Vendor Statement

Mandrake Linux does not ship with PHP version 4.2.x and as such is not vulnerable. The Mandrake Linux cooker does currently contain PHP 4.2.1 and will be updated shortly, but cooker should not be used in a production environment and no advisory will be issued.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Microsoft Corporation Not Affected

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Not Affected

Vendor Statement

Microsoft products are not affected by the issues detailed in this advisory.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Multinet Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NEC Corporation Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NetBSD Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Network Appliance Not Affected

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Not Affected

Vendor Statement

No Netapp products are vulnerable to this.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Nortel Networks Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

OpenBSD Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Oracle Corporation Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

PHP Development Team Affected

Updated:  July 22, 2002

Status

Affected

Vendor Statement

See http://www.php.net/release_4_2_2.php.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Red Hat Inc. Not Affected

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Not Affected

Vendor Statement

None of our commercial releases ship with vulnerable versions of PHP (4.2.0, 4.2.1).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sequent Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SGI Unknown

Notified:  July 22, 2002 Updated: July 24, 2002

Status

Unknown

Vendor Statement

SGI acknowledges the PHP vulnerability reported by CERT and is currently investigating. PHP does not currently ship as part of IRIX so SGI can confirm that base IRIX is not vulnerable. No further information is available at this time. For the protection of all our customers, SGI does not disclose, discuss or confirm vulnerabilities until a full investigation has occurred and any necessary patch(es) or release streams are available for all vulnerable and supported IRIX operating systems. Until SGI has more definitive information to provide, customers are encouraged to assume all security vulnerabilities as exploitable and take appropriate steps according to local site security policies and requirements. As further information becomes available, additional advisories will be issued via the normal SGI security information distribution methods including the wiretap mailing list on http://www.sgi.com/support/security/.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sony Corporation Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sun Microsystems Inc. Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SuSE Inc. Not Affected

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Not Affected

Vendor Statement

SuSE Linux is not vulnerable to this problem, as we do not ship PHP 4.2.x.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

The SCO Group (SCO Linux) Not Affected

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Not Affected

Vendor Statement

Caldera OpenLinux does not provide either vulnerable version (4.2.0, 4.2.1) of PHP in their products. Therefore, Caldera products are not vulnerable to this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Trustix Not Affected

Updated:  July 24, 2002

Status

Not Affected

Vendor Statement

The TSL team states that none of the versions of the Trustix Secure Linux distribution is vulnerable to the php 4.2.{0,1} vulnerability (CA-2002-21) as none of the TSL versions is shipped with php 4.2.x.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Unisphere Networks Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Unisys Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Wind River Systems Inc. Unknown

Notified:  July 22, 2002 Updated: July 22, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Xerox Corporation Not Affected

Notified:  July 22, 2002 Updated: May 30, 2003

Status

Not Affected

Vendor Statement

A response to this vulnerability is available from our web site: http://www.xerox.com/security.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.
