PHP socket_iovec_alloc() Function Overflow

medium Nessus Plugin ID 11468

Synopsis

Arbitrary code may be run on the remote server.

Description

The remote host is running a version of PHP that is older than 4.3.2.

A flaw in this version could allow an attacker who is able to inject an arbitrary argument into the function socket_iovec_alloc() to crash the remote service and possibly execute arbitrary code.

For this attack to work, PHP has to be compiled with the option --enable-sockets (which is disabled by default), and an attacker needs to be able to pass arbitrary values to socket_iovec_alloc().

Other functions are vulnerable to such flaws: openlog(), socket_recv(), socket_recvfrom() and emalloc().

Solution

Upgrade to PHP 4.3.2.

Plugin Details

Severity: Medium

ID: 11468

File Name: php_socket_iovec_alloc_overflow.nasl

Version: 1.34

Type: remote

Family: CGI abuses

Published: 3/25/2003

Updated: 5/28/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:php:php

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 5/29/2003

Vulnerability Publication Date: 3/25/2003

Reference Information

CVE: CVE-2003-0166

BID: 7187, 7197, 7198, 7199, 7256, 7259