FreeBSD : php -- memory_limit related vulnerability (dd7aa4f1-102f-11d9-8a8a-000c41e2cdad)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

Stefan Esser of e-matters discovered a condition within PHP that may
lead to remote execution of arbitrary code. The memory_limit facility
is used to notify functions when memory contraints have been met.
Under certain conditions, the entry into this facility is able to
interrupt functions such as zend_hash_init() at locations not suitable
for interruption. The result would leave these functions in a
vulnerable state.

An attacker that is able to trigger the memory_limit abort within
zend_hash_init() and is additionally able to control the heap before
the HashTable itself is allocated, is able to supply his own HashTable
destructor pointer. [...]

All mentioned places outside of the extensions are quite easy to
exploit, because the memory allocation up to those places is
deterministic and quite static throughout different PHP versions.

Because the exploit itself consist of supplying an arbitrary
destructor pointer this bug is exploitable on any platform.

See also :

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.1
CVSS Temporal Score : 4.2
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 19143 (freebsd_pkg_dd7aa4f1102f11d98a8a000c41e2cdad.nasl)

Bugtraq ID: 10725

CVE ID: CVE-2004-0594

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now