PHP SNMP Extension snmpget Function Object ID Overflow

2007-03-09T02:55:24
ID OSVDB:33950
Type osvdb
Reporter OSVDB
Modified 2007-03-09T02:55:24

Description

Vulnerability Description

PHP contains a flaw that may allow context-dependent attackers to elevate privileges. The issue is due to the snmpget function in the snmp extension not properly sanitizing user-supplied input. By providing an overly long crafted input string to the third argument, an attacker could trigger a buffer overflow and execute arbitrary code.

Short Description

PHP contains a flaw that may allow context-dependent attackers to elevate privileges. The issue is due to the snmpget function in the snmp extension not properly sanitizing user-supplied input. By providing an overly long crafted input string to the third argument, an attacker could trigger a buffer overflow and execute arbitrary code.

References:

Vendor URL: http://www.php.net/ Secunia Advisory ID:24440 Generic Exploit URL: http://www.milw0rm.com/exploits/3439 CVE-2007-1413 Bugtraq ID: 22893