11 matches found
CVE-2007-1890
Integer overflow in the msgreceive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff...
CVE-2007-1889
Integer signedness error in the zendmmallocint function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msgreceive wi...
PHP msg_receive 函数存在整形溢出
No description provided by source...
MOPB-43-2007:PHP msg_receive() Memory Allocation Integer Overflow Vulnerabilty
Summary The maxsize parameter of the msgreceive function is used without any check in a memory allocation statement. Due to a possible interger overflow this can result in a too small memory buffer being allocated which leads to an exploitable buffer overflow. However on linux the buffer overflow...
PHP msg_receive() integer overflow
Integer overflow with maxsize parameter...
CVE-2007-1890
Integer overflow in the msgreceive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff...
CVE-2007-1889
Integer signedness error in the zendmmallocint function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msgreceive wi...
CVE-2007-1889
Integer signedness error in the zendmmallocint function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msgreceive wi...
CVE-2007-1889
Integer signedness error in the zendmmallocint function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msgreceive wi...
PHP Msg_Receive()内存分配整数溢出漏洞
BUGTRAQ ID: 23236 PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP的msgreceive函数实现上存在整数溢出漏洞,本地攻击者可能利用此漏洞提升自己的权限。 PHP的msgreceive函数没有对maxsize参数执行任何检查便直接在内存分配中使用,导致整数溢出。有漏洞的代码如下: PHPFUNCTIONmsgreceive ... if zendparseparametersZENDNUMARGS TSRMLSCC, "rlzlz|blz", &queue, &desiredmsgtype, &outmsgtype,...
PHP 5.1.6 - 'Msg_Receive()' Memory Allocation Integer Overflow
source: https://www.securityfocus.com/bid/23236/info PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to cause a buffer overflow and to corrupt process memory. Exploiting this issue may allow attacker...