This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
Stefan Esser of e-matters discovered a condition within PHP that may
lead to remote execution of arbitrary code. The memory_limit facility
is used to notify functions when memory contraints have been met.
Under certain conditions, the entry into this facility is able to
interrupt functions such as zend_hash_init() at locations not suitable
for interruption. The result would leave these functions in a
An attacker that is able to trigger the memory_limit abort within
zend_hash_init() and is additionally able to control the heap before
the HashTable itself is allocated, is able to supply his own HashTable
destructor pointer. [...]
All mentioned places outside of the extensions are quite easy to
exploit, because the memory allocation up to those places is
deterministic and quite static throughout different PHP versions.
Because the exploit itself consist of supplying an arbitrary
destructor pointer this bug is exploitable on any platform.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.1
CVSS Temporal Score : 4.2
Public Exploit Available : true