• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: PHP STR_Repeat Boundary Condition Error Vulnerability

Severity: MODERATE

Description:

PHP is a freely available, open source server-side scripting language interpreting engine. It is available for Unix, Linux, and Microsoft Windows.

A problem with the software may allow an attacker to perform unauthorized actions.

It has been reported that a buffer overrun exists in the PHP program. Because of this, an attacker may be able to execute arbitrary code.

The problem is in the str_repeat() function. When this function is executed and a stream of data of excessive length is placed into the buffer, the overwriting of stack variables could occur. This could allow an attacker to execute code with the privileges of the web server process, potentially gaining unauthorized access to the host.

Affected Products:

• Apple Mac OS X 10.0.0
• Apple Mac OS X 10.0.1
• Apple Mac OS X 10.0.2
• Apple Mac OS X 10.0.3
• Apple Mac OS X 10.0.4
• Apple Mac OS X 10.1.0
• Apple Mac OS X 10.1.0
• Apple Mac OS X 10.1.1
• Apple Mac OS X 10.1.2
• Apple Mac OS X 10.1.3
• Apple Mac OS X 10.1.4
• Apple Mac OS X 10.1.5
• Conectiva Linux 7.0.0
• Debian Linux 3.0.0 alpha
• Debian Linux 3.0.0 arm
• Debian Linux 3.0.0 hppa
• Debian Linux 3.0.0 ia-32
• Debian Linux 3.0.0 ia-64
• Debian Linux 3.0.0 m68k
• Debian Linux 3.0.0 mips
• Debian Linux 3.0.0 mipsel
• Debian Linux 3.0.0 ppc
• Debian Linux 3.0.0 s/390
• Debian Linux 3.0.0 sparc
• EnGarde Secure Linux 1.0.1
• Gentoo Linux 1.2.0
• Gentoo Linux 1.4.0 _rc1
• MandrakeSoft Corporate Server 2.1.0
• MandrakeSoft Corporate Server 2.1.0 x86_64
• MandrakeSoft Linux Mandrake 8.2.0
• MandrakeSoft Linux Mandrake 8.2.0 ppc
• MandrakeSoft Linux Mandrake 9.0.0
• MandrakeSoft Linux Mandrake 9.1.0
• MandrakeSoft Linux Mandrake 9.1.0 ppc
• MandrakeSoft Multi Network Firewall 2.0.0
• MandrakeSoft Single Network Firewall 7.2.0
• OpenPKG OpenPKG 1.1.0
• OpenPKG OpenPKG Current
• PHP PHP 4.1.0 .0
• PHP PHP 4.1.1
• PHP PHP 4.1.2
• PHP PHP 4.2.0 .0
• PHP PHP 4.2.1
• PHP PHP 4.2.2
• PHP PHP 4.2.3
• PHP PHP 4.3.0
• PHP PHP 4.3.1
• RedHat Linux 8.0.0
• RedHat Linux 8.0.0 i386
• S.u.S.E. Linux 8.0.0
• S.u.S.E. Linux 8.0.0 i386
• S.u.S.E. Linux 8.1.0
• S.u.S.E. Linux Personal 8.2.0
• Slackware Linux 8.1.0
• Turbolinux Turbolinux Server 7.0.0
• Turbolinux Turbolinux Server 8.0.0
• Turbolinux Turbolinux Workstation 7.0.0
• Turbolinux Turbolinux Workstation 8.0.0

References:

• PHP Group: PHP Homepage

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.