Security
It is reported that a remote user can supply specially crafted input to an application that uses the wordwrap() function to trigger the overflow and overwrite the heap. According to the report, executing arbitrary code may be difficult, but possible. Impact: A remote user can cause the web service to crash. A remote user may potentially be able to execute arbitrary code on the system. Solution: The vendor has released a fixed version (4.3.0), available at: http://www.php.net/downloads.php Vendor URL: bugs.php.net/bug.php?id=20927 (Links to External Site) Cause: Boundary error Underlying OS: Linux (Any), UNIX (Any), Windows (Any) Reported By: "David F. Skoll" Message History: None. -------------------------------------------------------------------------------- Source Message Contents -------------------------------------------------------------------------------- Date: Fri, 27 Dec 2002 16:43:44 -0500 (EST) From: "David F. Skoll" Subject: Buffer overflow in PHP "wordwrap" function -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There is a buffer overflow in PHP's built-in "wordwrap" function for PHP versions greater than 4.1.2 and less than 4.3.0. Please see http://bugs.php.net/bug.php?id=20927 for details. If you use the wordwrap() function on user-supplied input, a specially-crafted input can overflow the allocated buffer and overwrite the heap. Exploit looks very difficult, but still theoretically possible. Status: Bug cause discovered: 10 Dec 2002 PHP team notified: 10 Dec 2002 Bug fixed in CVS: 12 Dec 2002 PHP 4.3.0 released: 27 Dec 2002 Kudos to the PHP team for their extremely rapid reaction. Recommendations: Don't upgrade from 4.1.2 if you are certain there are no security problems with your 4.1.2 setup and you may be vulnerable to the wordwrap() bug. Otherwise, upgrade to 4.3.0 - -- David F. Skoll Roaring Penguin Software Inc. | http://www.roaringpenguin.com GPG fingerprint: 58BB 6D86 6F6F 84D0 2C89 59D1 CD1C CAEE 1362 4131 GPG public key: http://www.roaringpenguin.com/dskoll-key-2003.txt ID: 13624131 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+DMmUzRzK7hNiQTERAngfAKCAz0vUMBS4o+ZMLExpE6Q+ABcKdgCdHVpD 24SOO2IcJ1VPotswMfOQa58= =DX/n -----END PGP SIGNATURE-----
Rating 0/5
Rating: 0/5 (0 votes)
Voting is disabled!


Login

Who's Online

304 user(s) are online (75 user(s) are browsing Publisher)


Members: 0


Guests: 304


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits

Categories