Month of PHP Bugs – Day 2

Stefan Esser Month of PHP Bugs project is going strong and here are five more vulnerabilities exposed on March 2nd 2007 :

  1. PHP 4 unserialize() ZVAL Reference Counter Overflow During unserialisation of user supplied data that contains a lot of references to a variable the internal 16bit zval reference counter can overflow. This leads to an exploitable double dtor condition.
  2. PHP unserialize() 64 bit Array Creation Denial of Service Vulnerability Deserialisation of malformed PHP arrays from within unserialize() might result in a tight endless loop exhausting CPU ressources on 64bit systems.
  3. Zend Platform Insecure File Permission Local Root Vulnerability Several binaries and shellscripts installed by the Zend Platform are installed with unsafe permissions that might allow an attacker to gain root privileges.
  4. Zend Platform ini_modifier Local Root Vulnerability The ini_modifier of the Zend Platform can be tricked by a local to edit the system php.ini file, which can be used to obtain root privileges.
  5. PHP 4 phpinfo() XSS Vulnerability (Deja-vu) phpinfo() does not escape the content of user supplied arrays in GET, POST or COOKIE variables when it displays them which leads to an XSS vulnerability.

 



Thank you for reading this post. You can now Leave A Comment (0) or Leave A Trackback. Print This Post Print This Post


Subscribe without commenting


Leave a Reply

Note: Any comments are permitted only because the site owner is letting you post, and any comments will be removed for any reason at the absolute discretion of the site owner.

CommentLuv badge