Detections
Analytics
FreeBSD : php -- _ecalloc Integer Overflow Vulnerability (e329550b-54f7-11db-a5ae-00508d6a62df)
critical Nessus Plugin ID 22520
Synopsis
The remote FreeBSD host is missing one or more security-related updates.Description
Stefan Esser reports :The PHP 5 branch of the PHP source code lacks the protection against possible integer overflows inside ecalloc() that is present in the PHP 4 branch and also for several years part of our Hardening-Patch and our new Suhosin-Patch.
It was discovered that such an integer overflow can be triggered when user input is passed to the unserialize() function. Earlier vulnerabilities in PHP's unserialize() that were also discovered by one of our audits in December 2004 are unrelated to the newly discovered flaw, but they have shown, that the unserialize() function is exposed to user-input in many popular PHP applications. Examples for applications that use the content of COOKIE variables with unserialize() are phpBB and Serendipity.
The successful exploitation of this integer overflow will result in arbitrary code execution.
Solution
Update the affected packages.See Also
Plugin Details
Severity: Critical
ID: 22520
File Name: freebsd_pkg_e329550b54f711dba5ae00508d6a62df.nasl
Version: 1.15
Type: local
Family: FreeBSD Local Security Checks
Published: 10/10/2006
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:mod_php5, p-cpe:/a:freebsd:freebsd:php5, p-cpe:/a:freebsd:freebsd:php5-cgi, p-cpe:/a:freebsd:freebsd:php5-cli, p-cpe:/a:freebsd:freebsd:php5-dtc, p-cpe:/a:freebsd:freebsd:php5-horde, p-cpe:/a:freebsd:freebsd:php5-nms, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Patch Publication Date: 10/6/2006
Vulnerability Publication Date: 9/30/2006
Reference Information
CVE: CVE-2006-4812