FreeBSD : php -- _ecalloc Integer Overflow Vulnerability (e329550b-54f7-11db-a5ae-00508d6a62df)

This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Stefan Esser reports :

The PHP 5 branch of the PHP source code lacks the protection against
possible integer overflows inside ecalloc() that is present in the PHP
4 branch and also for several years part of our Hardening-Patch and
our new Suhosin-Patch.

It was discovered that such an integer overflow can be triggered when
user input is passed to the unserialize() function. Earlier
vulnerabilities in PHP's unserialize() that were also discovered by
one of our audits in December 2004 are unrelated to the newly
discovered flaw, but they have shown that the unserialize() function
is exposed to user-input in many popular PHP applications. Examples
for applications that use the content of COOKIE variables with
unserialize() are phpBB and Serendipity.

The successful exploitation of this integer overflow will result in
arbitrary code execution.
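
A calloc-style allocator multiplies an element count by an element size, and the protection the report refers to is a check that this product fits in size_t. The C example below is added here for illustration and is not PHP's ecalloc() source or part of the advisory; unchecked_total and checked_calloc are hypothetical names and the input values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Byte count an unchecked allocator would request: the product is
 * reduced modulo SIZE_MAX + 1, so a huge element count can wrap to a
 * small value and yield a buffer far smaller than the caller expects. */
static size_t unchecked_total(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* Hypothetical hardened wrapper (not PHP's ecalloc): refuse any request
 * whose element count times element size does not fit in size_t. */
static void *checked_calloc(size_t nmemb, size_t size)
{
    if (size != 0 && nmemb > SIZE_MAX / size)
        return NULL;            /* product would overflow: fail closed */
    return calloc(nmemb, size);
}

int main(void)
{
    /* Constructed input: a count chosen so that count * 16 wraps to 16. */
    size_t count = SIZE_MAX / 16 + 2;
    size_t elem = 16;

    printf("requested elements : %zu\n", count);
    printf("unchecked byte size: %zu\n", unchecked_total(count, elem));

    void *p = checked_calloc(count, elem);
    printf("checked_calloc     : %s\n", p ? "allocated" : "rejected");
    free(p);

    p = checked_calloc(8, elem);    /* ordinary request still succeeds */
    printf("checked_calloc(8)  : %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

The division-based test avoids performing the overflowing multiplication at all, which is why it works for any size_t width.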

See also :

http://www.hardened-php.net/advisory_092006.133.html
http://www.nessus.org/u?e0e9be45

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 22520 (freebsd_pkg_e329550b54f711dba5ae00508d6a62df.nasl)

Bugtraq ID:

CVE ID: CVE-2006-4812
