Freely subscribe to our NEWSLETTER

This bulletin was written by Vigil@nce : https://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker, who controls the first parameter of the fsockopen()
function of PHP, can use it to connect to an unexpected port.

– Impacted products: Debian, PHP.
– Severity: 1/4.
– Creation date: 28/03/2017.

DESCRIPTION OF THE VULNERABILITY

The PHP language offers the fsockopen() function which is used to
open a socket. For example:
fsockopen("192.168.1.1", 80, [...]);

However, the following syntax is also accepted:
fsockopen("192.168.1.1:81", 80, [...]);
In this case, the connection is done on the port 81 instead of 80.

An attacker, who controls the first parameter of the fsockopen()
function of PHP, can therefore use it to connect to an unexpected
port.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

https://vigilance.fr/vulnerability/PHP-connection-to-another-port-via-fsockopen-22262