PHP WDDX_Deserialize Buffer Overflow Vulnerability

Bugtraq ID:	22804
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 04 2007 12:00AM
Updated:	Mar 05 2007 05:15PM
Credit:	Stefan Esser is credited with the discovery of this vulnerability.
Vulnerable:	PHP PHP 4.4.6 PHP PHP 4.4.5 PHP PHP 4.4.4 PHP PHP 4.4.3 PHP PHP 4.4.2 PHP PHP 4.4.1 PHP PHP 4.4 .0 PHP PHP 6.0 PHP PHP 5.2 + Debian Linux 4.0 sparc + Debian Linux 4.0 s/390 + Debian Linux 4.0 powerpc + Debian Linux 4.0 mipsel + Debian Linux 4.0 mips + Debian Linux 4.0 m68k + Debian Linux 4.0 ia-64 + Debian Linux 4.0 ia-32 + Debian Linux 4.0 hppa + Debian Linux 4.0 arm + Debian Linux 4.0 amd64 + Debian Linux 4.0 alpha + Debian Linux 4.0
Not Vulnerable:

PHP WDDX_Deserialize Buffer Overflow Vulnerability

PHP is prone to a remotely exploitable buffer-overflow vulnerability because it fails to properly check boundaries when processing client-supplied WDDX packets.

An attacker can exploit this issue to execute malicious code.

NOTE: This issue affects only the latest CVS release of PHP. The vulnerable code has not been released as part of an official PHP release at this time.

PHP WDDX_Deserialize Buffer Overflow Vulnerability

The following proof-of-concept exploit is available:

• /data/vulnerabilities/exploits/PHP_WDDX_rexp.php

PHP WDDX_Deserialize Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

PHP WDDX_Deserialize Buffer Overflow Vulnerability

References:

• MOPB-09-2007:PHP wddx_deserialize() String Append Buffer Overflow Vulnerability (MOAB)
  
• PHP Homepage (PHP)