
Is this serious? PHP <= 4.4.3 / 5.1.4 (objIndex) Local Buffer Overflow Exploit PoC

Discussion in 'General Discussion' started by BianchiDude, Aug 15, 2006.

  1. BianchiDude

    Is this serious?
    PHP <= 4.4.3 / 5.1.4 (objIndex) Local Buffer Overflow Exploit PoC

    I have php 4.4.2, am I at risk?
    # php -v
    PHP 4.4.2
     
  2. jamesbond

    Just add sscanf to your php.ini disable_functions line, and you should be fine. It's not a very commonly used function.

    This vulnerability also exists in PHP 4.4.3. Nevertheless you should upgrade to PHP 4.4.3, since several other security issues were fixed in that version.
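
A way to confirm that the php.ini mitigation suggested in the reply above is actually in effect, as an added example that is not part of the original thread. The helper names `disabled_functions` and `is_disabled` are hypothetical, the ini fragments are constructed samples, and the code assumes that a later duplicate directive overrides an earlier one and that names must match exactly.

```python
import re

# An active directive line; lines starting with ";" are comments and never match.
# php.ini directive names are case sensitive, so no IGNORECASE here.
_DIRECTIVE = re.compile(r'^\s*disable_functions\s*=(.*)$')

def disabled_functions(ini_text):
    """Return the names listed in the effective disable_functions directive."""
    value = ""
    for line in ini_text.splitlines():
        m = _DIRECTIVE.match(line)
        if not m:
            continue
        raw = m.group(1).strip()
        if raw[:1] in ('"', "'"):
            # Quoted value: keep only the text up to the closing quote.
            end = raw.find(raw[0], 1)
            raw = raw[1:end] if end != -1 else raw[1:]
        else:
            # Unquoted value: drop a trailing inline ";" comment.
            raw = raw.split(';', 1)[0]
        value = raw  # assumption: the last occurrence in the file wins
    # Entries are separated by commas and/or whitespace.
    return {name for name in re.split(r'[,\s]+', value) if name}

def is_disabled(ini_text, func="sscanf"):
    """True only if func appears, exactly as written, in the effective list."""
    return func in disabled_functions(ini_text)

# Constructed sample php.ini fragments (not taken from any real server).
SAMPLE_OK = 'disable_functions = "exec, system, sscanf" ; mitigation\n'
SAMPLE_COMMENTED = ';disable_functions = sscanf\ndisable_functions = exec,system\n'
SAMPLE_OVERRIDDEN = 'disable_functions = sscanf\nmemory_limit = 32M\ndisable_functions = exec\n'

if __name__ == "__main__":
    for label, text in [("ok", SAMPLE_OK),
                        ("commented out", SAMPLE_COMMENTED),
                        ("overridden later", SAMPLE_OVERRIDDEN)]:
        print(f"{label}: sscanf disabled = {is_disabled(text)}")
```

The commented-out and overridden cases are the ones that silently leave `sscanf` callable after an edit that looks correct at a glance.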
     
  3. BianchiDude

    Have you been able to get that exploit to work?

    I keep getting a segmentation fault

    [/tmp]# php sscanf.php
    Segmentation fault
     
  4. darkkouta

  5. chirpy

    Shame PHP hasn't mentioned when they're going to bother actually releasing a fixed version instead of leaving it to twiddle its thumbs in CVS, especially since it was reported to them so long ago.
     
  6. BianchiDude
