PHP php3_mime_split Function POST Request Overflow

2002-02-27T00:00:00
ID OSVDB:34719
Type osvdb
Reporter Stefan Esser(sesser@hardened-php.net)
Modified 2002-02-27T00:00:00

Description

Vulnerability Description

A remote overflow exists in php. The php3_mime_split function fails to perform proper bounds checking resulting in a heap overflow. By using the HTTP POST method to upload a PHP form containing specially crafted MIME-encoded data, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Upgrade to version 4.1.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in php. The php3_mime_split function fails to perform proper bounds checking resulting in a heap overflow. By using the HTTP POST method to upload a PHP form containing specially crafted MIME-encoded data, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor URL: http://www.php.net/ Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Related OSVDB ID: 720 Other Advisory URL: http://security.e-matters.de/advisories/012002.html Nessus Plugin ID:10867 ISS X-Force ID: 8281 Generic Exploit URL: http://archives.neohapsis.com/archives/bugtraq/2002-03/0040.html CVE-2002-0081 CIAC Advisory: m-049 CERT: CA-2002-05 Bugtraq ID: 4183