Vigil@nce: PHP 4, several vulnerabilities
September 2008 by Vigil@nce
SYNTHESIS
An attacker can use several vulnerabilities of PHP in order to
create a denial of service or to execute code.
Gravity: 2/4
Consequences: user access/rights, denial of service of service
Provenance: internet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 04/09/2008
Identifier: VIGILANCE-VUL-8085
IMPACTED PRODUCTS
– PHP [confidential versions]
– Slackware Linux [confidential versions]
DESCRIPTION
Several vulnerabilities were announced in PHP 5.
When attacker can change the PCRE regular expression, he can
corrupt its memory in order for example to execute code
(VIGILANCE-VUL-7593 (https://vigilance.aql.fr/tree/1/7593)).
[grav:1/4; BID-27786, CVE-2008-0674]
When attacker can change the PCRE regular expression, he can
corrupt its memory in order for example to execute code
(VIGILANCE-VUL-7926 (https://vigilance.aql.fr/tree/1/7926)).
[grav:1/4; BID-30087, CVE-2008-2371]
An attacker can generate an overflow in memnstr(). [grav:2/4]
An attacker can create a malicious font in order to create a
denial of service in imageloadfont(). [grav:1/4]
A local attacker can use cURL functions to read files by bypassing
safe mode restrictions (VIGILANCE-VUL-7524 (https://vigilance.aql.fr/tree/1/7524)).
[grav:1/4; BID-27413, CVE-2007-4850]
An attacker can set mbstring.func_overload in .htaccess in order
to overwrite the global configuration. [grav:1/4]
These vulnerabilities are local or remote depending on the context.
CHARACTERISTICS
Identifiers: BID-27413, BID-27786, BID-30087, CVE-2007-4850,
CVE-2008-0674, CVE-2008-2371, SSA:2008-247-01, VIGILANCE-VUL-8085