Ravens PHP Scripts

PECL Alternative PHP Cache *apc_search_paths* Buffer Overflow Vulnerability
Date: Wednesday, March 26, 2008 @ 23:06:57 CET
Topic: Security


SECUNIA ADVISORY ID: SA29509

VERIFY ADVISORY: http://secunia.com/advisories/29509/

CRITICAL: Moderately critical

IMPACT: Security Bypass, DoS, System access

SOFTWARE: PECL Alternative PHP Cache (APC) Extension 3.x - http://secunia.com/product/18046/

SOLUTION: Update to version 3.0.17. - http://pecl.php.net/package/APC/3.0.17

DESCRIPTION: Daniel Papasian has reported a vulnerability in the PECL Alternative PHP Cache (APC) extension, which can be exploited by malicious users to bypass certain security restrictions and potentially by malicious people to compromise a vulnerable system. The vulnerability is reported in version 3.0.16. Other versions may also be affected.




The vulnerability is caused by a boundary error in the "apc_search_paths" function in apc.c. This can be exploited to cause a stack-based buffer overflow, e.g. via a specially crafted, overly long filename passed to the "include()" function. Successful exploitation allows execution of arbitrary code.
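The class of boundary error described above, shown as an added example with the length check in place. This is not APC's source code or part of the advisory: the function name `search_paths_checked`, the 256-byte buffer size, the `exists` callback and the sample paths are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CAND_MAX 256  /* assumed size of the fixed stack buffer (not APC's value) */

/* The unchecked pattern writes past `cand` when dir + filename is too long:
 *     char cand[CAND_MAX];
 *     sprintf(cand, "%s/%s", dir, filename);
 */
typedef int (*exists_fn)(const char *path);

/* Returns 0 and fills `out` on a hit, 1 when no directory matched, and
 * -1 when a candidate path would not fit in the buffer. */
int search_paths_checked(const char *filename, const char *path_list,
                         exists_fn exists, char *out, size_t outlen)
{
    char cand[CAND_MAX];
    const char *p = path_list;
    while (*p) {
        size_t dlen = strcspn(p, ":");   /* length of this directory entry */
        int n = snprintf(cand, sizeof cand, "%.*s/%s", (int)dlen, p, filename);
        if (n < 0 || (size_t)n >= sizeof cand)
            return -1;                   /* refuse: never truncate or overflow */
        if (exists(cand)) {
            if ((size_t)n >= outlen)
                return -1;
            memcpy(out, cand, (size_t)n + 1);
            return 0;
        }
        p += dlen;
        if (*p == ':')
            p++;
    }
    return 1;
}

/* Constructed stand-in for a filesystem lookup so the example runs offline. */
int demo_exists(const char *path)
{
    return strcmp(path, "/srv/app/lib/util.php") == 0;
}

int main(void)
{
    char out[CAND_MAX], longname[1024];
    memset(longname, 'A', sizeof longname - 1);   /* constructed overly long name */
    longname[sizeof longname - 1] = '\0';
    printf("%d\n", search_paths_checked("util.php", "/usr/share/php:/srv/app/lib",
                                        demo_exists, out, sizeof out));
    printf("%d\n", search_paths_checked(longname, "/usr/share/php:/srv/app/lib",
                                        demo_exists, out, sizeof out));
    return 0;
}
```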

PROVIDED AND/OR DISCOVERED BY: Daniel Papasian

ORIGINAL ADVISORY: PECL APC: http://pecl.php.net/bugs/bug.php?id=13415

Daniel Papasian: http://papasian.org/~dannyp/apcsmash.php.txt






This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3286