FreeBSD : php -- _ecalloc Integer Overflow Vulnerability (e329550b-54f7-11db-a5ae-00508d6a62df)
Critical Nessus Plugin ID 22520
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionStefan Esser reports :
The PHP 5 branch of the PHP source code lacks the protection against possible integer overflows inside ecalloc() that is present in the PHP 4 branch and also for several years part of our Hardening-Patch and our new Suhosin-Patch.
It was discovered that such an integer overflow can be triggered when user input is passed to the unserialize() function. Earlier vulnerabilities in PHP's unserialize() that were also discovered by one of our audits in December 2004 are unrelated to the newly discovered flaw, but they have shown, that the unserialize() function is exposed to user-input in many popular PHP applications. Examples for applications that use the content of COOKIE variables with unserialize() are phpBB and Serendipity.
The successful exploitation of this integer overflow will result in arbitrary code execution.
SolutionUpdate the affected packages.