Lucene search

K

new.phf.txt

๐Ÿ—“๏ธย 14 Nov 2000ย 00:00:00Reported byย PrOtOnTypeย 
packetstorm
ย packetstorm
๐Ÿ”—ย packetstormsecurity.com๐Ÿ‘ย 21ย Views

Vulnerability in phf allows buffer overflow and code execution due to unchecked loop conditions.

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`PROBLEM:  
  
...  
  
main(int argc, char *argv[]) {  
entry entries[64];  
  
...  
  
for(x=0;cl[0] != '\0';x++) {  
m=x;  
getword(entries[x].val,cl,'&');  
plustospace(entries[x].val);  
unescape_url(entries[x].val);  
getword(entries[x].name,entries[x].val,'=');  
}  
  
...  
  
The `for' loop does not verify that x is less than 64.  
The `entries' struct being a flat data type will cause  
any data written into the 64th entry to overwrite the  
return pointer, allowing malicious code to be executed.  
  
I have a working exploit for Linux/ix86 that I /may/ post to  
bugtraq when system administrators has had a chance to  
fix their servers.  
  
Yes, I know phf is an old script but it is still fairly common.  
  
This bug is unrelated to the bad chars filter problem that  
is the best known vulnerability of phf.  
  
VULNERABLE VERSIONS:  
  
All known versions of phf (patched and unpatched)  
(excluding fakes, ofcourse)  
  
TO FIX:  
  
Locate and DELETE all versions of phf.  
Do NOT rename the executable, crackers might discover the  
new name and exploit it (this is not uncommon).  
  
/proton  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
14 Nov 2000 00:00Current
7.4High risk
Vulners AI Score7.4
21
.json
Report