PHP memory_limit remote vulnerability

By
Pank
on July 15, 2004 4:41 PM | | Comments (0)

http://security.e-matters.de/advisories/112004.html

Release Date: 2004/07/14
Author: Stefan Esser [s.esser@ematters.de]
Application: PHP <= 4.3.7
PHP5 <= 5.0.0RC3
Severity: A vulnerability within PHP allows remote code execution on PHP servers with activated memory_limit
Risk: Critical

During a reaudit of the memory_limit problematic it was discovered that it is possible for a remote attacker to trigger the memory_limit request termination in places where an interruption is unsafe. This can be abused to execute arbitrary code on remote PHP servers.

Categories:

Leave a comment

Categories

Monthly Archives

Search

March 2009

Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31        

About this Entry

This page contains a single entry by Pank published on July 15, 2004 4:41 PM.

Linux swap file was the previous entry in this blog.

make libphp4.so for freebsd port installed apache is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.