J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1545
    posted: 11/19/09
  • NSM Daily Update #1545
    posted: 11/19/09
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1545
    posted: 11/19/09
  • Deep Inspection 5.1 and 5.2 #1435
    posted: 11/19/09
  • Deep Inspection 5.0, 5.3r4 and below #1132
    posted: 03/28/08 (04/01/08 for 5.0)
  • Antivirus
    posted: 11/19/09

Title: PHP wordwrap() Heap Corruption Vulnerability

Severity: HIGH

Description:

PHP is a freely available, open source web scripting language package. It is available for Microsoft Windows, Linux, and Unix operating systems.

A vulnerability has been discovered in the wordwrap() function which is a built-in PHP function. Under some circumstances it may be possible to trigger a heap corruption bug when supplying input to a script which uses the vulnerable wordwrap() function. This issue exists due to insufficient allocation of memory used to store wrapped text. Memory corrupted through the wordwrap() function may be later referenced by the web server calling the vulnerable script.

A malicious attacker may be able to exploit this issue to overwrite a malloc header stored in the heap. This may cause an arbitrary word in memory to be overwritten when corrupted chunk is released with the free() function. By replacing a Global Offset Table entry with an address pointed to attacker-supplied data, it may be possible for the attacker to execute malicious instructions. Any code executed will be run with the privileges of the web server that ran the vulnerable script.

This vulnerability affects PHP versions greater than 4.1.2 and less than 4.3.0.

Affected Products:

  • Apple Mac OS X 10.0.0
  • Apple Mac OS X 10.0.1
  • Apple Mac OS X 10.0.2
  • Apple Mac OS X 10.0.3
  • Apple Mac OS X 10.0.4
  • Apple Mac OS X 10.1.0
  • Apple Mac OS X 10.1.0
  • Apple Mac OS X 10.1.1
  • Apple Mac OS X 10.1.2
  • Apple Mac OS X 10.1.3
  • Apple Mac OS X 10.1.4
  • Apple Mac OS X 10.1.5
  • Debian Linux 3.0.0 alpha
  • Debian Linux 3.0.0 arm
  • Debian Linux 3.0.0 hppa
  • Debian Linux 3.0.0 ia-32
  • Debian Linux 3.0.0 ia-64
  • Debian Linux 3.0.0 m68k
  • Debian Linux 3.0.0 mips
  • Debian Linux 3.0.0 mipsel
  • Debian Linux 3.0.0 ppc
  • Debian Linux 3.0.0 s/390
  • Debian Linux 3.0.0 sparc
  • EnGarde Secure Linux 1.0.1
  • Gentoo Linux 1.2.0
  • Gentoo Linux 1.4.0 _rc1
  • MandrakeSoft Corporate Server 2.1.0
  • MandrakeSoft Corporate Server 2.1.0 x86_64
  • MandrakeSoft Linux Mandrake 8.2.0
  • MandrakeSoft Linux Mandrake 8.2.0 ppc
  • MandrakeSoft Linux Mandrake 9.0.0
  • MandrakeSoft Multi Network Firewall 2.0.0
  • MandrakeSoft Single Network Firewall 7.2.0
  • OpenPKG OpenPKG 1.1.0
  • PHP PHP 4.1.2
  • PHP PHP 4.2.0 .0
  • PHP PHP 4.2.1
  • PHP PHP 4.2.2
  • PHP PHP 4.2.3
  • RedHat Linux 8.0.0
  • RedHat Linux 8.0.0 i386
  • S.u.S.E. Linux 8.1.0
  • Slackware Linux 8.1.0
  • Turbolinux Turbolinux Server 7.0.0
  • Turbolinux Turbolinux Server 8.0.0
  • Turbolinux Turbolinux Workstation 7.0.0
  • Turbolinux Turbolinux Workstation 8.0.0

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.