PHP sqlite Library sqlite_udf_decode_binary() Function Overflow

2007-03-31T16:54:28
ID OSVDB:33958
Type osvdb
Reporter OSVDB
Modified 2007-03-31T16:54:28

Description

Vulnerability Description

PHP contains a flaw that may allow a context-dependent attacker to gain elevated privileges. The issue is that the sqlite_decode_binary function in the bundled sqlite library does not properly sanitize user-supplied input passed in its "in" parameter. By supplying crafted input, an attacker can trigger a buffer overflow and potentially execute arbitrary code.

Solution Description

Upgrade to version 5.2.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

This issue was originally patched in PHP 5.2.1, but the patch was later enhanced to work better with a non-bundled sqlite2 library.

References:

Vendor URL: http://www.php.net/
Vendor Specific News/Changelog Entry: http://www.php.net/releases/5_2_3.php
Vendor Specific Advisory URL
Secunia Advisory ID: 25062
Secunia Advisory ID: 24909
Secunia Advisory ID: 25057
Other Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:089
Other Advisory URL: http://www.php-security.org/MOPB/MOPB-41-2007.html
Other Advisory URL: http://www.ubuntu.com/usn/usn-455-1
Other Advisory URL: http://www.us.debian.org/security/2007/dsa-1283
FrSIRT Advisory: ADV-2007-2016
CVE-2007-1887
Bugtraq ID: 23235