FreeBSD : php -- memory_limit related vulnerability (dd7aa4f1-102f-11d9-8a8a-000c41e2cdad)

medium Nessus Plugin ID 19143


The remote FreeBSD host is missing one or more security-related updates.


Stefan Esser of e-matters discovered a condition within PHP that may lead to remote execution of arbitrary code. The memory_limit facility is used to notify functions when memory contraints have been met.
Under certain conditions, the entry into this facility is able to interrupt functions such as zend_hash_init() at locations not suitable for interruption. The result would leave these functions in a vulnerable state.

An attacker that is able to trigger the memory_limit abort within zend_hash_init() and is additionally able to control the heap before the HashTable itself is allocated, is able to supply his own HashTable destructor pointer. [...]

All mentioned places outside of the extensions are quite easy to exploit, because the memory allocation up to those places is deterministic and quite static throughout different PHP versions.

Because the exploit itself consist of supplying an arbitrary destructor pointer this bug is exploitable on any platform.


Update the affected packages.

See Also

Plugin Details

Severity: Medium

ID: 19143

File Name: freebsd_pkg_dd7aa4f1102f11d98a8a000c41e2cdad.nasl

Version: 1.20

Type: local

Published: 7/13/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information


Risk Factor: High

Score: 8.5


Risk Factor: Medium

Base Score: 5.1

Temporal Score: 4.2

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mod_php4, p-cpe:/a:freebsd:freebsd:mod_php4-twig, p-cpe:/a:freebsd:freebsd:mod_php5, p-cpe:/a:freebsd:freebsd:php4, p-cpe:/a:freebsd:freebsd:php4-cgi, p-cpe:/a:freebsd:freebsd:php4-cli, p-cpe:/a:freebsd:freebsd:php4-dtc, p-cpe:/a:freebsd:freebsd:php4-horde, p-cpe:/a:freebsd:freebsd:php4-nms, p-cpe:/a:freebsd:freebsd:php5, p-cpe:/a:freebsd:freebsd:php5-cgi, p-cpe:/a:freebsd:freebsd:php5-cli, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/27/2004

Vulnerability Publication Date: 7/7/2004

Exploitable With


Reference Information

CVE: CVE-2004-0594

BID: 10725