CVE-2007-1581

The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hashupdatefile function via a userspace 1 error or 2 stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PH...

PHP <= 5.2.1 hash_update_file() Freed Resource Usage Exploit

No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...

PHP hash_update_file()函数访问已释放资源漏洞

PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 在调用PHP的hashupdatefile函数时，该函数首先要检索资源数据，之后从流中读取数据执行哈希运算。恶意的用户空间流处理器可以从读处理器中释放哈希资源，并使用特制的伪造资源替换，其中可能包含有修改过的哈希函数指针表。当内部函数继续执行哈希计算时，就会调用已被覆盖的函数指针，导致执行恶意代码。 PHP PHP = 5.3.2 PHP PHP = 5.2.13 厂商补丁： PHP --- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：...

PHP Hash_Update_File释放资源访问代码执行漏洞

PHP是一款广泛使用的WEB开发脚本语言。 PHP hashupdatefile存在设计错误，远程攻击者可能利用此漏洞获得对释放内存的访问并使用恶意数据覆盖而执行任意代码。 问题存在于GD函数中，在通过资源识别器获得资源数据后，可能用usercode来中断PHP函数，usercode就会会破坏资源，并获取与其内存相同位置来分配PHP字符串相同大小的空间作为释放资源。这个字符串可以用于建立特定构建的资源，以允许利用内部PHP函数，当恶意中断终止函数时，会继续使用替代资源数据。导致任意代码执行。 要获得需要的函数中断，通常需要放置对象到函数的某个参数中，这会在转化一个超长值时触发PHP错误。...

MOPB-28-2007:PHP hash_update_file&#40;&#41; Already Freed Resource Access Vulnerability

Summary When the hashupdatefile function is called it first retrieves the resource data for further processing. It then reads data from the stream for hashing purposes. A malicious userspace stream hanfler can destroy the hash resource and replace it with a specially prepared fake resource that...

CVE-2007-1581

The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hashupdatefile function via a userspace 1 error or 2 stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PH...

CVE-2007-1581

The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hashupdatefile function via a userspace 1 error or 2 stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PH...

EUVD-2007-1575

The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hashupdatefile function via a userspace 1 error or 2 stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PH...

PHP 5.2.1 - hash_update_file() Freed Resource Usage

PHP 5.2.1 - hashupdatefile Freed Resource Usage ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the...

PHP <= 5.2.1 hash_update_file() Freed Resource Usage Exploit

Exploit for linux platform in category local exploits ============================================================ PHP = 5.2.1 hashupdatefile Freed Resource Usage Exploit ============================================================ ?php...