Vigil@nce: PHP, buffer overflow via socket_connect
May 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can employ the PHP socket_connect() function, to lead
a stack overflow, in order to create a denial of service or to
execute code.
– Severity: 2/4
– Creation date: 24/05/2011
– Revision date: 26/05/2011
IMPACTED PRODUCTS
– PHP
DESCRIPTION OF THE VULNERABILITY
Unix sockets (AF_UNIX) for example allow two processes to exchange
data by connecting to a special file.
The PHP function socket_connect () is used to create a socket
connection. However if an attacker creates a AF_UNIX socket with
the function socket_connect (), the function does not check the
size of the file name parameter when it exceeds the value of
UNIX_PATH_MAX (108) bytes, which causes a buffer overflow.
An attacker can therefore employ the PHP socket_connect()
function, to lead a stack overflow, in order to create a denial of
service or to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/PHP-buffer-overflow-via-socket-connect-10679