|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function
sir.mordredhushmail.com
Date: Wed Apr 02 2003 - 05:47:18 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
//(#) Mordred Security Labs advisory
Release date: April 1, 2003
Name: Integer overflow in PHP str_repeat() function
Versions affected: all versions
Risk: average
Author: Sir Mordred (mordreds-mail.com)
I. Description:
PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.
Please visit http://www.php.net for more information about PHP.
II. Details:
The function str_repeat(string input, int multiplier) returns input
repeated multiplier times.
The implementation of this function suffers from a simple integer overflow
caused by
a very long second argument and could allow a local/remote attacker in
the worst case to gain control over the web server.
The following short script will illustrate this vulnerability:
$ cat t.php
<?php
str_repeat(str_repeat("A", 0x2000), 0x40000000);
?>
III. Platforms tested
Linux 2.4 with Apache 1.3.27 / PHP 4.3.1
IV. Vendor response
Vendor has been contacted.
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify
wmAEARECACAFAj6KztoZHHNpci5tb3JkcmVkQGh1c2htYWlsLmNvbQAKCRAOkXvN4BZr
fJAUAJ9InIO8rApHuK8K4DO52l5EOQqXOQCfUyNJGQnx1fZGhjvzAl34Xa9kXEM=
=Iy5V
-----END PGP SIGNATURE-----
Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2
Big $$$ to be made with the HushMail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]