logo Home

Untitled Document

Home > Archives Advisories > Articles


Untitled Document

Untitled Document

Integer overflow in PHP socket_iovec_alloc() function
Date: 2003-03-25

Author : Sir Mordred <mordred@s-mail.com>

//@(#) Mordred Security Labs advisory

Release date: March 25, 2003
Name: Integer overflow in PHP socket_iovec_alloc() function
Versions affected: < 4.3.2
Conditions: PHP must be compiled with --enable-sockets option, which is
turned off by default
Risk: average
Author: Sir Mordred (mordred@s-mail.com)

I. Description:

PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.
Please visit http://www.php.net for more information about PHP.

The PHP socket extension implements a low-level interface to the socket
communication functions based on the popular BSD sockets, providing the
possibility to act as a socket server as well as a client...

To enable this extenstion PHP should be compiled with --enable-sockets
option.

II. Details:

There exists an integer overflow in socket_iovec_alloc() function.
When requestiong the following php script, a httpd child will die with
the error message: child pid <pidnum> exit signal Segmentation fault (11)

$ cat t.php
<?php
socket_iovec_alloc(0x20000000);
?>

III. Platforms tested

Linux 2.4 with Apache 1.3.27 / PHP 4.3.1

III. Workaround

Don't use the sockets extension.

IV. Vendor response

Vendor notified, issue will be fixed in PHP 4.3.2.



 

arrowSearch Advisories

arrowNewsletter

Free weekly Newsletter.

Please enter your email address here:
arrowReport Vulnerability

If you've found a vulnerability please
click here to report it.
arrowPartners

newsnow

About Us | Contact Us | Advertise | email | Backend flag
Copyright © 2016-2017 Security Corporation - All Rights Reserved - Legal - Privacy Policy