Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: PHP 4, several vulnerabilities

September 2008 by Vigil@nce

SYNTHESIS

An attacker can use several vulnerabilities of PHP in order to create a denial of service or to execute code.

Gravity: 2/4

Consequences: user access/rights, denial of service of service

Provenance: internet client

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 04/09/2008

Identifier: VIGILANCE-VUL-8085

IMPACTED PRODUCTS

- PHP [confidential versions]
- Slackware Linux [confidential versions]

DESCRIPTION

Several vulnerabilities were announced in PHP 5.

When attacker can change the PCRE regular expression, he can corrupt its memory in order for example to execute code (VIGILANCE-VUL-7593 (https://vigilance.aql.fr/tree/1/7593)). [grav:1/4; BID-27786, CVE-2008-0674]

When attacker can change the PCRE regular expression, he can corrupt its memory in order for example to execute code (VIGILANCE-VUL-7926 (https://vigilance.aql.fr/tree/1/7926)). [grav:1/4; BID-30087, CVE-2008-2371]

An attacker can generate an overflow in memnstr(). [grav:2/4]

An attacker can create a malicious font in order to create a denial of service in imageloadfont(). [grav:1/4]

A local attacker can use cURL functions to read files by bypassing safe mode restrictions (VIGILANCE-VUL-7524 (https://vigilance.aql.fr/tree/1/7524)). [grav:1/4; BID-27413, CVE-2007-4850]

An attacker can set mbstring.func_overload in .htaccess in order to overwrite the global configuration. [grav:1/4]

These vulnerabilities are local or remote depending on the context.

CHARACTERISTICS

Identifiers: BID-27413, BID-27786, BID-30087, CVE-2007-4850, CVE-2008-0674, CVE-2008-2371, SSA:2008-247-01, VIGILANCE-VUL-8085

https://vigilance.aql.fr/tree/1/8085




See previous articles

    

See next articles