Design/Logic Flaw

The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service application crash via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be...

CVE-2007-4784

The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service application crash via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be...

CVE-2007-4784

The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service application crash via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be...

CVE-2007-4784

The CVE-2007-4784 issue affects PHP prior to 5.2.4, where setlocale with a very long locale string can trigger a denial of service (application crash). The description notes that this is a context-dependent DoS and may not be exploitable to code execution in multi-threaded web server environments...

CVE-2007-4784

The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service application crash via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be...

PHP multiple DoS conditions

Crash on oversized strings in fnmatch, iconvsubstr, glob and setlocale functions...

PHP < 5.2.4 setlocale() denial of service

Application: PHP 5.2.4 Web Site: http://php.net Platform: unix Bug: denial of service fonction: setlocale special condition: default php-memory-limit ------------------------------------------------------- 1 Introduction 2 Bug 3 Proof of concept 4 Greets 5 Credits =========== 1 Introduction...

IBM AIX Setlocale本地特权提升漏洞

IBM AIX是一款商业性质的操作系统。 IBM AIX Setlocale函数存在未明问题，本地攻击者可以利用漏洞提升特权。 IBM AIX 5.3 IBM AIX 5.2 IBM AIX 5.1 IBM AIX 5.1 IBM setlocaleifix.tar.Z ftp://aix.software.ibm.com/aix/efixes/security/setlocaleifix.tar.Z IBM AIX 5.2 IBM setlocaleifix.tar.Z...

IBM AIX setlocale调用本地权限提升漏洞

IBM AIX是一款商业性质的UNIX操作系统。 AIX的libc.a文件中的setlocale调用实现上存在漏洞，本地攻击者可以利用其中的漏洞实现权限的提升 IBM AIX 5.3 IBM AIX 5.2 IBM AIX 5.1 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： ftp://aix.software.ibm.com/aix/efixes/security/setlocaleifix.tar.Z...

CVE-2006-4254

Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 allows local users to gain privileges via unspecified vectors...

CVE-2006-4254

CVE-2006-4254 affects IBM AIX 5.1.0 through 5.3.0 via the setlocale() function, enabling local privilege escalation. Connected sources provide concrete exploit code and disclosure of local-privilege pathways (e.g., userland exploitation using crafted inputs and shellcode). Public writeups show at...

CVE-2006-4254

Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 allows local users to gain privileges via unspecified vectors...

IBM AIX setlocale() privilege escalation

No description provided...

CVE-2002-1476

Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LCALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the...

CVE-2002-1476

The CVE-2002-1476 entry describes a buffer overflow in the libc setlocale implementation on NetBSD 1.4.x–1.6 (and possibly other OSes) when LC_ALL is used with a locale string that contains more than 6 elements. This enables a local attacker to potentially execute arbitrary code via the compromis...

CVE-2002-1476

Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LCALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the...

NetBSD Security Advisory 2002-012: buffer overrun in setlocale

-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2002-012 ================================= Topic: buffer overrun in setlocale Severity: local root exploit if X11 xterm is installed. Version: NetBSD-current: source prior to August 8, 2002 NetBSD-1.6 beta:source prior to August 8, 2002...

CVE-2000-1013

The setlocale function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable...

CVE-2000-1013

The CVE-2000-1013 entry describes a local file read vulnerability in setlocale affecting FreeBSD/5.0 and earlier (and possibly other OSes), where an attacker can read arbitrary files via the LANG environment variable. The NVD entry lists a base CVSS v2 score of 7.2 (HIGH) with local access, low a...

CVE-1999-0964

Buffer overflow in FreeBSD setlocale in the libc module allows attackers to execute arbitrary code via a long PATHLOCALE environment variable...