Saturday, March 3, 2007

PHP "lên dĩa"

Bắt đầu là Month of Browser Bugs, rồi đến Month of Kernel BugsMonth of Apple Bugs, còn bây giờ là Month of PHP Bugs. Chỉ sau 3 ngày, đã có 8 lỗi nghiêm trọng của PHP được công bố!

# Title Description PoC/Exploit References
8 PHP 4 phpinfo() XSS Vulnerability (Deja-vu) phpinfo() does not escape the content of user supplied arrays in GET, POST or COOKIE variables when it displays them which leads to an XSS vulnerability. MOPB-08-2007.phpt HPHP-18-2005
CVE-NO-NAME
7 Zend Platform ini_modifier Local Root Vulnerability The ini_modifier of the Zend Platform can be tricked by a local to edit the system php.ini file, which can be used to obtain root privileges. Not needed CVE-NO-NAME
6 Zend Platform Insecure File Permission Local Root Vulnerability Several binaries and shellscripts installed by the Zend Platform are installed with unsafe permissions that might allow an attacker to gain root privileges. Not needed CVE-NO-NAME
5 PHP unserialize() 64 bit Array Creation Denial of Service Vulnerability Deserialisation of malformed PHP arrays from within unserialize() might result in a tight endless loop exhausting CPU ressources on 64bit systems. Not needed CVE-2007-0988
4 PHP 4 unserialize() ZVAL Reference Counter Overflow During unserialisation of user supplied data that contains a lot of references to a variable the internal 16bit zval reference counter can overflow. This leads to an exploitable double dtor condition. MOPB-04-2007.php CVE-NO-NAME
MOPB-01-2007
3 PHP Variable Destructor Deep Recursion Stack Overflow The destruction of deeply nested PHP arrays will exhaust all available stack which leads to remotely triggerable crashes. Not needed CVE-NO-NAME
2 PHP Executor Deep Recursion Stack Overflow A deep recursion of PHP userland code will exhaust all available stack which leads to a sometimes remotely triggerable crash. Not needed CVE-2006-1549
1 PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability In PHP 4 userland code is able to overflow the internal 16bit zval reference counter by creating many references to a variable. This leads to an exploitable double dtor condition. MOPB-01-2007.php CVE-NO-NAME

1 comment:

ct said...

Toa`n PHP4 nhi?