FreeBSD : php -- _ecalloc Integer Overflow Vulnerability (e329550b-54f7-11db-a5ae-00508d6a62df)

critical Nessus Plugin ID 22520

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Stefan Esser reports :

The PHP 5 branch of the PHP source code lacks the protection against possible integer overflows inside ecalloc() that is present in the PHP 4 branch and also for several years part of our Hardening-Patch and our new Suhosin-Patch.

It was discovered that such an integer overflow can be triggered when user input is passed to the unserialize() function. Earlier vulnerabilities in PHP's unserialize() that were also discovered by one of our audits in December 2004 are unrelated to the newly discovered flaw, but they have shown, that the unserialize() function is exposed to user-input in many popular PHP applications. Examples for applications that use the content of COOKIE variables with unserialize() are phpBB and Serendipity.

The successful exploitation of this integer overflow will result in arbitrary code execution.

Solution

Update the affected packages.

See Also

http://www.hardened-php.net/advisory_092006.133.html

http://www.nessus.org/u?512c71e5

Plugin Details

Severity: Critical

ID: 22520

File Name: freebsd_pkg_e329550b54f711dba5ae00508d6a62df.nasl

Version: 1.15

Type: local

Published: 10/10/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mod_php5, p-cpe:/a:freebsd:freebsd:php5, p-cpe:/a:freebsd:freebsd:php5-cgi, p-cpe:/a:freebsd:freebsd:php5-cli, p-cpe:/a:freebsd:freebsd:php5-dtc, p-cpe:/a:freebsd:freebsd:php5-horde, p-cpe:/a:freebsd:freebsd:php5-nms, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 10/6/2006

Vulnerability Publication Date: 9/30/2006

Reference Information

CVE: CVE-2006-4812

CWE: 94

Secunia: 22280