PHP Zip URL Wrapper Stack Buffer Overflow Vulnerability
BID:22883
CVE-2007-1399 |Info
PHP Zip URL Wrapper Stack Buffer Overflow Vulnerability
| Bugtraq ID: | 22883 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-1399 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 08 2007 12:00AM |
| Updated: | Sep 24 2007 04:29PM |
| Credit: | Stefan Esser is credited with the discovery of this vulnerability. |
| Vulnerable: |
SuSE SUSE Linux Enterprise Server 8 SuSE SUSE Linux Enterprise Server 10 SuSE SUSE Linux Enterprise SDK 10 SuSE Linux Enterprise Server 9 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. openSUSE 10.2 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Novell Linux Desktop 9 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 10.1 PHP PHP 5.2 PHP PECL ZIP 1.8.3 Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 |
| Not Vulnerable: | |
Discussion
PHP Zip URL Wrapper Stack Buffer Overflow Vulnerability
PHP is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue may allow attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.
This issue affects PHP 5.2.0 and PHP with PECL ZIP <= 1.8.3.
PHP is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue may allow attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.
This issue affects PHP 5.2.0 and PHP with PECL ZIP <= 1.8.3.
Exploit / POC
PHP Zip URL Wrapper Stack Buffer Overflow Vulnerability
The following exploit code is available:
The following exploit code is available:
Solution / Fix
PHP Zip URL Wrapper Stack Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
PHP Zip URL Wrapper Stack Buffer Overflow Vulnerability
References:
References:
- MOPB-16-2007:PHP zip:// URL Wrapper Buffer Overflow Vulnerability (MOPB)
- PHP Website (PHP Website)
- SUSE-SA:2007:020 (SUSE)