Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

Gentoo: 200306-02 Critical: mod_php Integer Overflow Advisory

gentoo
Calendar Grey June 8, 2003
Dist Gentoo Esm H88
Integer overflows in mod_php fixed; critical local exploit risk addressed. Urgent update advised for Gentoo users.
Integer overflows have been fixed in several php functions.

Summary


- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200306-02
- - ---------------------------------------------------------------------

- - ---------------------------------------------------------------------
From advisories:
"In PHP emalloc() function implements the error safe wrapper around malloc(). Unfortunately this function suffers from an integer overflow and considering the fact that emalloc() is used in many places around PHP source code, it may lead to many serious security issues."
"The function str_repeat(string input, int multiplier) returns input repeated multiplier times.
The implementation of this function suffers from a simple integer overflow caused by a very long second argument and could allow a local/remote attacker in the worst case to gain control over the web server."
"The function array_pad(array input, int pad_size, mixed pad_value) returns a copy of the input padded to size specified by pad_size w...

Read the Full Advisory

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
critical
Lowest
Low
Medium
High
Critical

PACKAGE : mod_php php
SUMMARY : integer overflow
DATE : 2003-06-08 17:47 UTC
EXPLOIT : local
VERSIONS AFFECTED : <mod_php-4.3.2 =mod_php-4.3.2 >=mod_php-4.3.2
CVE :

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround