This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:PHP:PHPZIPURL
|
Severity |
Major
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
PHP ZIP URL Wrapper Stack Overflow
|
Release Date |
2009/03/12
|
Update Number |
1385
|
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: PHP ZIP URL Wrapper Stack Overflow
This signature detects attempts to exploit a known vulnerability in the PHP. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.
Extended Description
PHP is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue may allow attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.
This issue affects PHP 5.2.0 and PHP with PECL ZIP <= 1.8.3.
Affected Products
- Debian linux 4.0
- Debian linux 4.0 Alpha
- Debian linux 4.0 Amd64
- Debian linux 4.0 Arm
- Debian linux 4.0 Hppa
- Debian linux 4.0 Ia-32
- Debian linux 4.0 Ia-64
- Debian linux 4.0 M68k
- Debian linux 4.0 Mips
- Debian linux 4.0 Mipsel
- Debian linux 4.0 Powerpc
- Debian linux 4.0 S/390
- Debian linux 4.0 Sparc
- Mandriva corporate_server 3.0.0
- Mandriva corporate_server 3.0.0 X86 64
- Mandriva corporate_server 4.0
- Mandriva corporate_server 4.0.0 X86 64
- Mandriva linux_mandrake 2007.0
- Mandriva linux_mandrake 2007.0 X86 64
- Mandriva linux_mandrake 2007.1
- Mandriva linux_mandrake 2007.1 X86 64
- Mandriva multi_network_firewall 2.0.0
- Php pecl_zip 1.8.3
- Php php 5.2
- Suse linux_personal 10.0.0 OSS
- Suse linux_personal 10.1
- Suse linux_personal 9.3.0
- Suse linux_personal 9.3.0 X86 64
- Suse linux_professional 10.0.0 OSS
- Suse linux_professional 10.1
- Suse linux_professional 9.3.0
- Suse linux_professional 9.3.0 X86 64
- Suse novell_linux_desktop 9.0.0
- Suse open-enterprise-server
- Suse opensuse 10.2
- Suse suse_linux_enterprise_sdk 10
- Suse suse_linux_enterprise_server 10
- Suse suse_linux_enterprise_server 8
- Suse suse_linux_enterprise_server 9
- Suse suse_linux_openexchange_server 4.0.0
- Suse suse_linux_retail_solution 8.0.0
- Suse suse_linux_school_server_for_i386
- Suse suse_linux_standard_server 8.0.0
- Suse unitedlinux 1.0.0
References