PHP SNMPGet Function Local Buffer Overflow Vulnerability

Bugtraq ID:	22893
Class:	Boundary Condition Error
CVE:	CVE-2007-1413
Remote:	No
Local:	Yes
Published:	Mar 09 2007 12:00AM
Updated:	May 12 2015 07:29PM
Credit:	rgod is credited with the discovery of this vulnerability.
Vulnerable:	PHP PHP 5.2.3 PHP PHP 5.2.2 PHP PHP 5.2.1 + Ubuntu Ubuntu Linux 7.04 sparc + Ubuntu Ubuntu Linux 7.04 powerpc + Ubuntu Ubuntu Linux 7.04 i386 + Ubuntu Ubuntu Linux 7.04 amd64 PHP PHP 4.4.6 PHP PHP 5.2 + Debian Linux 4.0 sparc + Debian Linux 4.0 s/390 + Debian Linux 4.0 powerpc + Debian Linux 4.0 mipsel + Debian Linux 4.0 mips + Debian Linux 4.0 m68k + Debian Linux 4.0 ia-64 + Debian Linux 4.0 ia-32 + Debian Linux 4.0 hppa + Debian Linux 4.0 arm + Debian Linux 4.0 amd64 + Debian Linux 4.0 alpha + Debian Linux 4.0
Not Vulnerable:

PHP SNMPGet Function Local Buffer Overflow Vulnerability

PHP is prone to a local buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP 4.4.6 for Microsoft Windows is vulnerable; other versions may also be affected.

PHP SNMPGet Function Local Buffer Overflow Vulnerability

The following proofs of concept and exploits are available:

• /data/vulnerabilities/exploits/22893.php
• /data/vulnerabilities/exploits/22893-2.php
• /data/vulnerabilities/exploits/php_snmpget_exp.txt

PHP SNMPGet Function Local Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

PHP SNMPGet Function Local Buffer Overflow Vulnerability

References:

• PHP Homepage (PHP Group)