FreeBSD : php -- _ecalloc Integer Overflow Vulnerability (e329550b-54f7-11db-a5ae-00508d6a62df)

Critical Nessus Plugin ID 22520


The remote FreeBSD host is missing one or more security-related updates.


Stefan Esser reports :

The PHP 5 branch of the PHP source code lacks the protection against possible integer overflows inside ecalloc() that is present in the PHP 4 branch and also for several years part of our Hardening-Patch and our new Suhosin-Patch.

It was discovered that such an integer overflow can be triggered when user input is passed to the unserialize() function. Earlier vulnerabilities in PHP's unserialize() that were also discovered by one of our audits in December 2004 are unrelated to the newly discovered flaw, but they have shown, that the unserialize() function is exposed to user-input in many popular PHP applications. Examples for applications that use the content of COOKIE variables with unserialize() are phpBB and Serendipity.

The successful exploitation of this integer overflow will result in arbitrary code execution.


Update the affected packages.

See Also

Plugin Details

Severity: Critical

ID: 22520

File Name: freebsd_pkg_e329550b54f711dba5ae00508d6a62df.nasl

Version: $Revision: 1.12 $

Type: local

Published: 2006/10/10

Modified: 2014/04/02

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mod_php5, p-cpe:/a:freebsd:freebsd:php5, p-cpe:/a:freebsd:freebsd:php5-cgi, p-cpe:/a:freebsd:freebsd:php5-cli, p-cpe:/a:freebsd:freebsd:php5-dtc, p-cpe:/a:freebsd:freebsd:php5-horde, p-cpe:/a:freebsd:freebsd:php5-nms, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2006/10/06

Vulnerability Publication Date: 2006/09/30

Reference Information

CVE: CVE-2006-4812

Secunia: 22280

CWE: 94