Info |
Last Modified |
| about 1 year ago |
|
|
Description |
Zend Engine I in PHP 4.4.6 and lower, and Zend Engine II in PHP versions 5.2.1 and lower, contain flaws that may allow a remote denial of service. The engine does not enforce sanity checks on the depth of nested arrays, which allows a remote user to create very deeply nested array structures. Because PHP destroys arrays recursively, the attempted destruction of the user's deeply nested array results in a crash when the stack limit is exhausted, leading to a loss of availability for the service.
|
|
Classification |
Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Availability
Exploit: Exploit Available
Disclosure: OSVDB Verified
|
|
Technical |
$ php -r 'echo "a".str_repeat("[]",200000)."=1&a=0";' > postdata
$ curl http://127.0.0.1/phpmyadmin/ -d @postdata
curl: (52) Empty reply from server
|
|
Solution |
Upgrade to version 4.4.8, 5.2.2 or higher, as it has been reported to fix this vulnerability. It is also possible to mitigate the flaw with the following workaround: configure your web application firewall to drop requests that contain a large number of '[' characters in variable names.
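One way to express the workaround above as a request filter (an added example, not part of the original entry and not PHP or WAF vendor code). The function names and the limit of 64 are assumptions. Names are URL-decoded before counting, so '%5B' is treated the same as a literal '['.

```python
from __future__ import annotations

from urllib.parse import unquote_plus

MAX_BRACKETS = 64  # assumed limit; set it above the deepest array your apps really submit


def bracket_count(raw_name: str) -> int:
    """Count '[' in one parameter name after URL-decoding it.

    Decoding first matters: '%5B' reaches PHP as '[' just like a literal one.
    """
    return unquote_plus(raw_name).count("[")


def worst_parameter(payload: str) -> tuple[str, int]:
    """Return (decoded name, truncated to 32 chars; '[' count) for the deepest name.

    `payload` is a query string or an application/x-www-form-urlencoded body.
    Only the part before the first '=' is inspected, so brackets inside a
    value never count against the limit.
    """
    worst = ("", 0)
    for pair in payload.split("&"):
        raw_name = pair.split("=", 1)[0]
        depth = bracket_count(raw_name)
        if depth > worst[1]:
            worst = (unquote_plus(raw_name)[:32], depth)
    return worst


def should_drop(query: str = "", body: str = "", limit: int = MAX_BRACKETS) -> bool:
    """True when any parameter name in the query string or body exceeds `limit`."""
    return any(worst_parameter(part)[1] > limit for part in (query, body))


if __name__ == "__main__":
    # Constructed sample bodies: an ordinary form post and an over-nested name.
    samples = {
        "normal form": "user[address][city]=Berlin&tags[]=x",
        "over-nested name": "a" + "%5B%5D" * 100 + "=1",
    }
    for label, body in samples.items():
        name, depth = worst_parameter(body)
        action = "DROP" if should_drop(body=body) else "pass"
        print(f"{label}: {action} (deepest name {name!r}, {depth} brackets)")
```
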
|
|
Products |
|
PHP
 |
4.0 Beta 1 |
4.0 Beta 2 |
4.0 Beta 3 |
4.0 Beta 4 |
4.0.x |
4.1.x |
4.2.x |
4.4.0 |
4.4.2 |
4.4.1 |
4.3.x |
5.0.x |
4.4.3 |
5.2.0 |
5.2.1 |
4.4.5 |
4.4.6 |
4.4.4 |
5.1.x |
5.0 Release Candidate 3 |
5.0 Release Candidate 2 |
5.0 Release Candidate 1 |
5.0 Beta 4 |
5.0 Beta 3 |
5.0 Beta 2 |
5.0 Beta 1 |
4.0, Release Candidate 2 |
4.0, Release Candidate 1 |
|
|
Credit |
- Stefan Esser - sesser
hardened-php.net - www.hardened-php.net