PHP Chunk_Split() Function Integer Overflow Vulnerability
TITLE: PHP Chunk_Split() Function Integer Overflow Vulnerability
CLASS: Boundary Condition Error
CVE: CVE-2007-2872
REMOTE: Yes
LOCAL: No
PUBLISHED: May 31 2007 12:00AM
UPDATE: Jun 04 2007 05:30PM
CREDIT: Gerhard Wagner found this vulnerability.
VULNERABLE:
Slackware Linux 10.2
Slackware Linux 11.0
Slackware Linux -current
PHP PHP 5.2.2
PHP PHP 5.2.1
+ Ubuntu Ubuntu Linux 7.04 sparc
+ Ubuntu Ubuntu Linux 7.04 powerpc
+ Ubuntu Ubuntu Linux 7.04 i386
+ Ubuntu Ubuntu Linux 7.04 amd64
PHP PHP 5.1.6
+ Ubuntu Ubuntu Linux 6.10 sparc
+ Ubuntu Ubuntu Linux 6.10 powerpc
+ Ubuntu Ubuntu Linux 6.10 i386
+ Ubuntu Ubuntu Linux 6.10 amd64
PHP PHP 5.1.5
PHP PHP 5.1.4
PHP PHP 5.1.3
PHP PHP 5.1.3
PHP PHP 5.1.2
+ Ubuntu Ubuntu Linux 6.06 LTS sparc
+ Ubuntu Ubuntu Linux 6.06 LTS powerpc
+ Ubuntu Ubuntu Linux 6.06 LTS i386
+ Ubuntu Ubuntu Linux 6.06 LTS amd64
PHP PHP 5.1.1
PHP PHP 5.1
PHP PHP 5.0.5
PHP PHP 5.0.4
PHP PHP 5.0.3
+ Trustix Secure Linux 2.2
PHP PHP 5.0.2
PHP PHP 5.0.1
PHP PHP 5.0 candidate 3
PHP PHP 5.0 candidate 2
PHP PHP 5.0 candidate 1
PHP PHP 5.0 .0
PHP PHP 5.2
+ Debian Linux 4.0 sparc
+ Debian Linux 4.0 s/390
+ Debian Linux 4.0 powerpc
+ Debian Linux 4.0 mipsel
+ Debian Linux 4.0 mips
+ Debian Linux 4.0 m68k
+ Debian Linux 4.0 ia-64
+ Debian Linux 4.0 ia-32
+ Debian Linux 4.0 hppa
+ Debian Linux 4.0 arm
+ Debian Linux 4.0 amd64
+ Debian Linux 4.0 alpha
+ Debian Linux 4.0
OpenPKG OpenPKG E1.0-Solid
OpenPKG OpenPKG Current
NOT VULNERABLE: PHP PHP 5.2.3
Vai alla pagina originale su Security Focus
Discussion
PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to cause a buffer overflow and to corrupt process memory.
Attackers may be able to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.
This issue affects versions of PHP prior to 5.2.3.
Exploit
The following proof of concept is available:
Solution
Solution:
The vendor has released PHP 5.2.3 to address this and other issues. Please see the references for more information.
Slackware Linux -current
Slackware Linux 11.0
PHP PHP 5.2
Slackware Linux 10.2
PHP PHP 5.0 candidate 2
PHP PHP 5.0 .0
PHP PHP 5.0 candidate 3
PHP PHP 5.0 candidate 1
PHP PHP 5.0.1
PHP PHP 5.0.2
PHP PHP 5.0.3
PHP PHP 5.0.4
PHP PHP 5.0.5
PHP PHP 5.1
PHP PHP 5.1.1
PHP PHP 5.1.2
PHP PHP 5.1.3
PHP PHP 5.1.3
PHP PHP 5.1.4
PHP PHP 5.1.5
PHP PHP 5.1.6
PHP PHP 5.2.1
PHP PHP 5.2.2
References
References:
Keywords for this page:
/data/vulnerabilities/exploits/24261 php (from google) first seen: 2007-09-25 13:53:27
t (from google) first seen: 2007-10-30 16:13:07 hit: 19
php chunk (from google) first seen: 2008-01-29 19:04:10 hit: 16
php split function vulnerability (from google) first seen: 2008-02-11 12:24:38
chunk split exploit (from google) first seen: 2008-04-01 19:29:35
php chunk split (from google) first seen: 2008-04-08 13:54:58 hit: 11
chunk split php (from google) first seen: 2008-04-08 22:36:09 hit: 4
php chunk split vulnerability (from google) first seen: 2008-04-15 14:47:42
php split integer (from google) first seen: 2008-08-21 17:34:59 hit: 3
php 5 0 4 exploits (from google) first seen: 2008-08-28 17:43:39
php 5 1 2 vulnerability (from google) first seen: 2008-09-01 10:07:24
php chunk_split() function integer overflow vulnerability exploit (from google) first seen: 2008-09-03 12:50:17
php chunk_split function integer overflow vulnerability (from google) first seen: 2008-09-03 18:04:55
split alpha and integer in php (from google) first seen: 2008-09-05 10:47:29
php 5 1 2 vulnerabilities (from google) first seen: 2008-09-05 22:22:27
exploit linux slackware 10 2 (from google) first seen: 2008-09-08 22:12:48
exploit php 5 0 3 (from google) first seen: 2008-09-11 06:45:01
exploit for php chunk_split() integer overflow (from google) first seen: 2008-09-11 12:24:05
f (from google) first seen: 2008-09-13 10:24:46 hit: 5
php 5 1 2 exploit (from google) first seen: 2008-09-15 09:28:34 hit: 3
this vulnerability affects php 5 2 1 (from google) first seen: 2008-09-15 20:08:30
packages debian amd64 php 5 1 6 (from google) first seen: 2008-09-16 09:48:15
debian php 5 1 amd 64 (from google) first seen: 2008-09-17 16:50:40
php 5 1 5 exploits (from google) first seen: 2008-09-18 02:23:41
php 5 0 3 exploit (from google) first seen: 2008-09-19 07:13:26
split integer php (from google) first seen: 2008-09-20 17:32:31 hit: 2
php 5 2 3 exploit remote (from google) first seen: 2008-09-22 06:40:46
chunk split (from google) first seen: 2008-09-24 09:01:21
php 5 1 exploit (from google) first seen: 2008-09-26 17:40:54 hit: 2
php exploits 5 1 2 (from google) first seen: 2008-10-03 03:55:17
php split overflow (from google) first seen: 2008-10-04 02:29:09
php 5 0 4 exploit (from google) first seen: 2008-10-04 20:17:48 hit: 3
php split int (from google) first seen: 2008-10-06 12:08:23 hit: 2
php integer splitten (from google) first seen: 2008-10-07 02:24:23
vulnerabilities php 5 0 1 (from google) first seen: 2008-10-08 02:11:27
php split integers (from google) first seen: 2008-10-08 15:35:06
php 5 0 5 vulnerabilities (from google) first seen: 2008-10-11 10:37:41
how are functions used with a chunk of php code? (from google) first seen: 2008-10-13 13:27:45
remote exploit php 5 2 3 (from google) first seen: 2008-10-15 16:24:28
php chunk function type (from google) first seen: 2008-10-17 11:48:08
functions used with a chunk of php code (from google) first seen: 2008-10-17 17:12:02
using chunk split php (from google) first seen: 2008-10-21 09:06:06
php 5 1 4 vulnerability (from google) first seen: 2008-10-21 19:38:20
php split (from google) first seen: 2008-10-24 07:09:53 hit: 2
php chunksplit (from google) first seen: 2008-10-25 06:43:22
function split in php5 (from google) first seen: 2008-10-27 00:03:48 hit: 2
download php5 tgz slackware (from google) first seen: 2008-10-27 07:08:33
php/5 1 1 exploit] (from google) first seen: 2008-10-30 14:54:09
php 5 2 3 remote exploit (from google) first seen: 2008-11-02 20:36:29
php/5 1 2 exploit (from google) first seen: 2008-11-03 17:44:29
php function to chunk data (from google) first seen: 2008-11-04 15:36:56
php chunk function (from google) first seen: 2008-11-04 15:58:51
php send chunked function (from google) first seen: 2008-11-05 10:22:16
php split function (from google) first seen: 2008-11-05 10:32:04
ubuntu php int (from google) first seen: 2008-11-05 11:37:30
php 5 exploits (from google) first seen: 2008-11-05 11:38:22
php integer 2 2 to 3 (from google) first seen: 2008-11-05 20:07:03
splitting an integer in php (from google) first seen: 2008-11-06 01:31:34
php/5 1 2 vulnerabilities (from google) first seen: 2008-11-06 17:04:04
exploit for php/5 0 1 (from google) first seen: 2008-11-09 08:32:50
php5 5 0 4 vulnerability (from google) first seen: 2008-11-10 19:14:14
php 5 2 3 exploit (from google) first seen: 2008-11-10 23:45:34 hit: 2
php : 5 2 2 5 0 4 (from google) first seen: 2008-11-11 01:16:19
chunk function in php (from google) first seen: 2008-11-11 06:36:57
php chunk_split php5 problems (from google) first seen: 2008-11-11 07:16:25
google php split function (from google) first seen: 2008-11-14 17:46:07
php integer exploit (from google) first seen: 2008-11-16 10:51:13
how to chunk integer at php (from google) first seen: 2008-11-17 06:48:44
php 5 1 6 exploit (from google) first seen: 2008-11-17 12:17:55
integer split php (from google) first seen: 2008-11-18 14:17:48
php 5 0 2 exploit (from google) first seen: 2008-11-19 01:24:19
exploit php 5 1 2 (from google) first seen: 2008-11-19 14:53:11
php split an integer (from google) first seen: 2008-11-19 17:10:41
php 5 1 6 remote exploit (from google) first seen: 2008-11-19 20:49:29
GoogleBot visited this page on: 2008-11-22 15:39:48