PECL Alternative PHP Cache *apc_search_paths* Buffer Overflow Vulnerability

Posted on Wednesday, March 26, 2008 @ 23:06:57 PDT in Security
by Raven

SECUNIA ADVISORY ID: SA29509

VERIFY ADVISORY: http://secunia.com/advisories/29509/

CRITICAL: Moderately critical

IMPACT: Security Bypass, DoS, System access

SOFTWARE: PECL Alternative PHP Cache (APC) Extension 3.x - http://secunia.com/product/18046/

SOLUTION: Update to version 3.0.17. - http://pecl.php.net/package/APC/3.0.17

DESCRIPTION: Daniel Papasian has reported a vulnerability in the PECL Alternative PHP Cache (APC) extension, which can be exploited by malicious users to bypass certain security restrictions and potentially by malicious people to compromise a vulnerable system. The vulnerability is reported in version 3.0.16. Other versions may also be affected.


The vulnerability is caused by a boundary error in the "apc_search_paths" function in apc.c. This can be exploited to cause a stack-based buffer overflow, e.g. via a specially crafted, overly long filename passed to the "include()" function. Successful exploitation allows execution of arbitrary code.

PROVIDED AND/OR DISCOVERED BY: Daniel Papasian

ORIGINAL ADVISORY: PECL APC: http://pecl.php.net/bugs/bug.php?id=13415

Daniel Papasian: http://papasian.org/~dannyp/apcsmash.php.txt
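
An added illustration of the bug class described above (a search-path lookup that builds a full path in a fixed-size buffer). It is written for this page and is not taken from apc.c: the join checks the snprintf return value and fails closed when the filename would not fit. The function names, the colon-separated path format and the buffer sizes are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Build "<dir>/<filename>" in out. Returns 0 on success, -1 if the result
 * would not fit in outsz bytes (out is then left as an empty string). */
int join_path_checked(char *out, size_t outsz, const char *dir,
                      size_t dirlen, const char *filename)
{
    if (outsz == 0) return -1;
    if (dirlen >= outsz) { out[0] = '\0'; return -1; }
    int n = snprintf(out, outsz, "%.*s/%s", (int)dirlen, dir, filename);
    if (n < 0 || (size_t)n >= outsz) { out[0] = '\0'; return -1; }
    return 0;
}

/* Try each directory of a colon-separated search path (assumed format).
 * Returns 1 and fills out when the file exists, 0 when it is not found,
 * -1 when a candidate would be truncated (never use a cut-off name). */
int search_paths_checked(const char *filename, const char *search_path,
                         char *out, size_t outsz)
{
    const char *dir = search_path;
    struct stat st;
    while (*dir != '\0') {
        size_t dirlen = strcspn(dir, ":");
        if (dirlen > 0) {
            if (join_path_checked(out, outsz, dir, dirlen, filename) != 0)
                return -1;
            if (stat(out, &st) == 0)
                return 1;
        }
        dir += dirlen;
        if (*dir == ':') dir++;
    }
    if (outsz > 0) out[0] = '\0';
    return 0;
}

int main(void)
{
    char full[64];       /* deliberately small buffer for the demo */
    char longname[256];  /* constructed overly long filename */
    memset(longname, 'A', sizeof(longname) - 1);
    longname[sizeof(longname) - 1] = '\0';
    printf("normal:   %d\n", search_paths_checked(".", "/nonexistent-example:.", full, sizeof(full)));
    printf("overlong: %d\n", search_paths_checked(longname, ".", full, sizeof(full)));
    return 0;
}
```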
 
 