CVE-2004-1018
CVE-2004-1018
Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
Affected products
n/a · n/apublic PoCs found — 2
exploitdbwww.exploit-db.com/exploits/24854unverifiedexploitdbwww.exploit-db.com/exploits/24855unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://marc.info/?l=bugtraq&m=110314318531298&w=2https://bugzilla.fedora.us/show_bug.cgi?id=2344https://exchange.xforce.ibmcloud.com/vulnerabilities/18515https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10949https://www.ubuntu.com/usn/usn-99-1/http://www.hardened-php.net/advisories/012004.txthttp://www.mandriva.com/security/advisories?name=MDKSA-2004:151http://www.mandriva.com/security/advisories?name=MDKSA-2005:072http://www.osvdb.org/12411http://www.php.net/release_4_3_10.phphttp://www.redhat.com/support/errata/RHSA-2005-032.htmlhttp://www.redhat.com/support/errata/RHSA-2005-816.html