A vulnerability has been discovered in PHP. This vulnerability could be used by a remote attacker to execute arbitrary code or crash PHP and/or the web server.
PHP is a popular scripting language in widespread use. For more information about PHP, see http://www.php.net/manual/en/faq.general.php.
The vulnerability occurs in the portion of PHP code responsible for handling file uploads, specifically multipart/form-data. By sending a specially crafted POST request to the web server, an attacker can corrupt the internal data structures used by PHP. Specifically, an intruder can cause an improperly initialized memory structure to be freed. In most cases, an intruder can use this flaw to crash PHP or the web server. Under some circumstances, an intruder may be able to take advantage of this flaw to execute arbitrary code with the privileges of the web server.
A remote attacker can execute arbitrary code on a vulnerable system. An attacker may not be able to execute code on x86 architectures due to the way the stack is structured. However, an attacker can leverage this vulnerability to crash PHP and/or the web server running on an x86 architecture.
Apply a patch from your vendor
PHP Development Team Affected
Apple Computer Inc. Not Affected
Conectiva Not Affected
Cray Inc. Not Affected
F5 Networks Not Affected
Guardian Digital Inc. Not Affected
Hewlett-Packard Company Not Affected
IBM Not Affected
Microsoft Corporation Not Affected
Network Appliance Not Affected
Red Hat Inc. Not Affected
SuSE Inc. Not Affected
The SCO Group (SCO Linux) Not Affected
Trustix Not Affected
Xerox Corporation Not Affected
Cisco Systems Inc. Unknown
Compaq Computer Corporation Unknown
Computer Associates Unknown
Data General Unknown
Guardian Digital Inc. Unknown
Juniper Networks Unknown
Lotus Software Unknown
Lucent Technologies Unknown
NEC Corporation Unknown
Nortel Networks Unknown
Oracle Corporation Unknown
Sony Corporation Unknown
Sun Microsystems Inc. Unknown
Unisphere Networks Unknown
Wind River Systems Inc. Unknown
Thanks to e-matters Security for reporting this vulnerability.
This document was written by Ian A Finlay.