CERT-In Vulnerability Note CIVN-2006-104
PHP unserialize() Array Creation Integer Overflow vulnerability
Original Issue Date: October 12, 2006
Severity Rating:
High
System Affected
- PHP versions 5.x
- PHP versions 4.x
Overview
An integer overflow vulnerability has been reported in PHP which could be exploited by a remote attacker to execute arbitrary commands on the affected system.
Description
An integer overflow vulnerability exists in PHP in the way user input passed to the unserialize() function is handled during array creation. The function deserialises previously serialised PHP variables; when the serialised string stores a large value for the number of array elements, an integer overflow occurs inside ecalloc().
Successful exploitation of the vulnerability via a crafted input string will result in arbitrary code execution on the affected system.
Solution
Apply patch via CVS
http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162
References
Original Advisory
http://www.hardened-php.net/advisory_092006.133.html
Red Hat
http://rhn.redhat.com/errata/RHSA-2006-0708.html
Secunia
http://secunia.com/advisories/22280/
Security Focus
http://www.securityfocus.com/bid/20349
Fr-SIRT
http://www.frsirt.com/english/advisories/2006/3922
CVE Name
CVE-2006-4812
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
