Welcome to ALLSeek.iNFO - Security related portal. Search crack, serial number, keygen, patch, activation unlock code - PHP Integer Overflows in pack() and unpack() and Bugs in realpath() and unserialize() May Allow Users to Bypass safe

Press CTRL-D to bookmark us

Welcome Guest

Main Menu

Network

Sponsor

Top 10 Sites

Partners

Top Submit news Subscribe

Previous article Back to news list Next article

Sponsored links

Want to become one of our authors and see your work published on ALLSeek.iNFO ?

PHP Integer Overflows in pack() and unpack() and Bugs in realpath() and unserialize() May Allow Users to Bypass safe_mode and Execute Arbitrary Code

Categorie: Vulnerability
Posted: 2004-12-20 by ReCall
Views: 657
Source: Click here

Current Rating: Not rated

Details

Description: Several vulnerabilities were reported in PHP. A local or remote user may be able to execute arbitrary code on the target system.

Stefan Esser of the Hardened-PHP Project reported a variety of vulnerabilities affecting PHP.

It is reported that the pack() and unpack() functions contain integer overflows [CVE: CAN-2004-1018]. A user may be able to supply specially crafted inputs to bypass safe_mode restrictions and execute arbitrary code with the privileges of the target web service.

It is also reported that a local user can bypass the safe_mode_exec_dir settings when safe_mode is enabled on a multithreaded UNIX/Linux web server by injecting shell commands into the name of the current directory [CVE: CAN-2004-1063].

It is also reported that a path truncation flaw in realpath() allows a user to bypass safe_mode restrictions or to include arbitrary files in certain cases [CVE: CAN-2004-1064].

Two vulnerabilities were reported in the unserialize() function [CVE: CAN-2004-1019]. Negative references or incorrect processing of references may free arbitrary memory addresses, causing arbitrary code to be executed. If a PHP application provides remote user-input to the unserialize() function, these bugs may be exploitable by remote users.

The original advisory is available at:

http://www.hardened-php.net/advisories/012004.txt

Impact: A local or remote user may be able to execute arbitrary code on the target system.

Solution: The vendor has released fixed versions (4.3.10 and 5.0.3), available at:

http://www.php.net/downloads.php

Syndication

Permalink Email this

The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=1232

User comments (post your comments here)

Only registerd members can post comments and articles

Previous article Back to news list Next article

InterJOB.su

LAST QUERIES