PHP Buffer Overflow in explode() Function May Let Users Bypass Safe Mode Restrictions
|
|
SecurityTracker Alert ID: 1020995
|
|
SecurityTracker URL: http://securitytracker.com/id?1020995
|
|
CVE Reference: CVE-2008-3659
(Links to External Site)
|
Date: Oct 7 2008
|
Impact: Execution of arbitrary code via local system, Execution of arbitrary code via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 4.4.x prior to 4.4.9; 5.6 - 5.2.6
|
Description: A vulnerability was reported in PHP. A user may be able to bypass safe mode restrictions.
A user can set a specially crafted delimiter to trigger a buffer overflow in the explode function and potentially execute arbitrary
code on the target system.
A local user can exploit this to bypass safe_mode restrictions.
[Editor's note: This vulnerability
was original corrected by the vendor in August 2008.]
|
Impact: A user may be able to bypass safe mode restrictions.
|
Solution: The vendor has issued a fix (4.4.9). A source code fix for 5.2.x is available.
|
Vendor URL: www.php.net/ (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 7 Oct 2008 09:32:56 -0400
Subject: PHP
|
CVE-2008-3659
Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through
5.2.6 allows context-dependent attackers to cause a denial of service (crash) and
possibly execute arbitrary code via the delimiter argument to the explode function.
NOTE: the scope of this issue is limited since most applications would not use an
attacker-controlled delimiter, but local attacks against safe_mode are feasible.
|
|
