PHPDoc Confirm_Phpdoc_Compiled Local Buffer Overflow Vulnerability
BID:23124
Info
PHPDoc Confirm_Phpdoc_Compiled Local Buffer Overflow Vulnerability
| Bugtraq ID: | 23124 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 25 2007 12:00AM |
| Updated: | Mar 26 2007 09:23PM |
| Credit: | rgod is credited with the discovery of this vulnerability. |
| Vulnerable: |
phpDocumentor phpDocumentor 1.3.1 phpDocumentor phpDocumentor 1.3 RC4 phpDocumentor phpDocumentor 1.3 RC3 phpDocumentor phpDocumentor 1.2.3 phpDocumentor phpDocumentor 1.2.2 phpDocumentor phpDocumentor 1.2.1 phpDocumentor phpDocumentor 1.2 |
| Not Vulnerable: | |
Discussion
PHPDoc Confirm_Phpdoc_Compiled Local Buffer Overflow Vulnerability
PHPDoc is prone to a local buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.
An attacker can exploit this issue to execute arbitrary machine code, which may allow the attacker to escalate privileges or exploit other vulnerabilities.
All versions of PHPDoc are considered vulnerable to this issue.
PHPDoc is prone to a local buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.
An attacker can exploit this issue to execute arbitrary machine code, which may allow the attacker to escalate privileges or exploit other vulnerabilities.
All versions of PHPDoc are considered vulnerable to this issue.
Exploit / POC
PHPDoc Confirm_Phpdoc_Compiled Local Buffer Overflow Vulnerability
The following proof-of-concept exploit is available:
The following proof-of-concept exploit is available:
Solution / Fix
PHPDoc Confirm_Phpdoc_Compiled Local Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
PHPDoc Confirm_Phpdoc_Compiled Local Buffer Overflow Vulnerability
References:
References:
- phpDocumentor Home Page (phpDocumentor)
- PHP 5.2.1 with PECL phpDOC local buffer overflow (rgod)