QwikSec

Security Database

CVE

CWE

Training

CVE-2004-1018

Published: Dec 8, 2004

Modified: Aug 8, 2024

PUBLISHED

Description

Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_REDHAT

oval:org.mitre.oval:def:10949

vdb-entry

signature

x_refsource_OVAL

vendor-advisory

x_refsource_MANDRAKE

http://www.php.net/release_4_3_10.php

x_refsource_CONFIRM

vdb-entry

x_refsource_OSVDB

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_MANDRAKE

http://www.hardened-php.net/advisories/012004.txt

x_refsource_MISC

php-shmopwrite-outofbounds-memory(18515)

vdb-entry

x_refsource_XF

vendor-advisory

x_refsource_FEDORA

20041219 PHP shmop.c module permits write of arbitrary memory.

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_HP

vdb-entry

x_refsource_BID

20041215 Advisory 01/2004: Multiple vulnerabilities in PHP 4/5

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.