Vigil@nce: PHP 4, several vulnerabilities
September 2008 by Vigil@nce
An attacker can use several vulnerabilities of PHP in order to create a denial of service or to execute code.
Consequences: user access/rights, denial of service of service
Provenance: internet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 04/09/2008
PHP [confidential versions]
Slackware Linux [confidential versions]
Several vulnerabilities were announced in PHP 5.
When attacker can change the PCRE regular expression, he can corrupt its memory in order for example to execute code (VIGILANCE-VUL-7593 (https://vigilance.aql.fr/tree/1/7593)). [grav:1/4; BID-27786, CVE-2008-0674]
When attacker can change the PCRE regular expression, he can corrupt its memory in order for example to execute code (VIGILANCE-VUL-7926 (https://vigilance.aql.fr/tree/1/7926)). [grav:1/4; BID-30087, CVE-2008-2371]
An attacker can generate an overflow in memnstr(). [grav:2/4]
An attacker can create a malicious font in order to create a denial of service in imageloadfont(). [grav:1/4]
A local attacker can use cURL functions to read files by bypassing safe mode restrictions (VIGILANCE-VUL-7524 (https://vigilance.aql.fr/tree/1/7524)). [grav:1/4; BID-27413, CVE-2007-4850]
An attacker can set mbstring.func_overload in .htaccess in order to overwrite the global configuration. [grav:1/4]
These vulnerabilities are local or remote depending on the context.
Identifiers: BID-27413, BID-27786, BID-30087, CVE-2007-4850, CVE-2008-0674, CVE-2008-2371, SSA:2008-247-01, VIGILANCE-VUL-8085