PHP执行任意代码漏洞-一一网

漏洞信息详情

PHP执行任意代码漏洞

CNNVD编号：CNNVD-200407-083

危害等级：中危
CVE编号：
CVE-2004-0594
漏洞类型：

其他
发布时间：

2004-07-27
威胁类型：

远程
更新时间：

2005-10-20
厂商：

avaya
漏洞来源：
Discovery of this …

漏洞简介

PHP 4.x到 4.3.7版本以及5.x 到5.0.0RC3版本的memory_limit函数存在漏洞。在例如当启用register_globals条件下时，远程攻击者在zend_hash_init函数的执行过程中触发memory_limit中止以及在关键数据结构初始化完成之前覆盖HashTable析构函数指针来执行任意代码。

漏洞公告

Please see the referenced advisories for more information.
HP HP-UX B.11.11

HP HP-UX Apache-based Web Server v.2.0.50.00

http://software.hp.com

HP HP-UX B.11.23

HP HP-UX Apache-based Web Server v.2.0.50.00

http://software.hp.com

HP HP-UX B.11.11

HP HP-UX Apache-based Web Server v.2.0.50.00

http://software.hp.com

HP HP-UX B.11.00

HP HP-UX Apache-based Web Server v.2.0.50.00

http://software.hp.com

Apple Mac OS X 10.2.8

Apple Security Update 2005-001 (Mac OS X 10.2.8 Client) 1.0

http://www.apple.com/support/downloads/securityupdate2005001macosx1028
client.html

Apple Mac OS X Server 10.2.8

Apple Security Update 2005-001 (Mac OS X 10.2.8 Server) 1.0

http://www.apple.com/support/downloads/securityupdate2005001macosx1028
server.html

Apple Mac OS X Server 10.3.7

Apple Security Update 2005-001 (Mac OS X 10.3.7 Server) 1.0

http://www.apple.com/support/downloads/securityupdate2005001macosx1037
server.html
Apple Mac OS X 10.3.8 upgrade

http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=05368&plat
form=osx&method=sa/MacOSXUpdate10.3.8.dmg

Apple Mac OS X 10.3.7

Apple Security Update 2005-001 (Mac OS X 10.3.7 Client) 1.0

http://www.apple.com/support/downloads/securityupdate2005001macosx1037
client.html
Apple Mac OS X 10.3.8 upgrade

http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=05368&plat
form=osx&method=sa/MacOSXUpdate10.3.8.dmg

PHP PHP 4.0 0

PHP PHP 4.3.8

http://www.php.net/downloads.php

PHP PHP 4.0.1

PHP PHP 4.3.8

http://www.php.net/downloads.php

PHP PHP 4.0.1 pl2

PHP PHP 4.3.8

http://www.php.net/downloads.php

PHP PHP 4.0.2

PHP PHP 4.3.8

http://www.php.net/downloads.php

PHP PHP 4.0.3 pl1

PHP PHP 4.3.8

http://www.php.net/downloads.php

PHP PHP 4.0.3

PHP PHP 4.3.8

http://www.php.net/downloads.php

PHP PHP 4.0.5

PHP PHP 4.3.8

http://www.php.net/downloads.php

PHP PHP 4.0.7 RC1

PHP PHP 4.3.8

http://www.php.net/downloads.php

PHP PHP 4.0.7 RC2

PHP PHP 4.3.8

http://www.php.net/downloads.php

PHP PHP 4.1 .0

PHP PHP 4.3.8

http://www.php.net/downloads.php
SuSE mod_php4-4.1.0-317.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/mod_php4-4.1.0-317.i386
.patch.rpm
SuSE mod_php4-core-4.1.0-317.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/mod_php4-core-4.1.0-317
.i386.patch.rpm
SuSE mod_php4-servlet-4.1.0-317.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/mod_php4-servlet-4.1.0-
317.i386.patch.rpm
SuSE mod_php4-4.1.0-317.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/mod_php4-4.1.0-317.i386
.rpm
SuSE mod_php4-core-4.1.0-317.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/mod_php4-core-4.1.0-317
.i386.rpm
SuSE mod_php4-servlet-4.1.0-317.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/mod_php4-servlet-4.1.0-
317.i386.rpm

PHP PHP 4.2 -dev

PHP PHP 4.3.8

http://www.php.net/downloads.php

PHP PHP 4.2.1

PHP PHP 4.3.8

http://www.php.net/downloads.php

PHP PHP 4.3

PHP PHP 4.3.8

http://www.php.net/downloads.php

PHP PHP 4.3.2

PHP PHP 4.3.8

http://www.php.net/downloads.php

PHP PHP 4.3.5

PHP PHP 4.3.8

http://www.php.net/downloads.php
Trustix mod_php4-4.3.8-1tr.i586.rpmTrustix Secure Linux 2.0
ftp://ftp.trustix.org/pub/trustix/updates/
Trustix mod_php4-cli-4.3.8-1tr.i586.rpmTrustix Secure Linux 2.0
ftp://ftp.trustix.org/pub/trustix/updates/
Trustix mod_php4-devel-4.3.8-1tr.i586.rpmTrustix Secure Linux 2.0
ftp://ftp.trustix.org/pub/trustix/updates/
Trustix mod_php4-domxml-4.3.8-1tr.i586.rpmTrustix Secure Linux 2.0
ftp://ftp.trustix.org/pub/trustix/updates/
Trustix mod_php4-exif-4.3.8-1tr.i586.rpmTrustix Secure Linux 2.0
ftp://ftp.trustix.org/pub/trustix/updates/
Trustix mod_php4-gd-4.3.8-1tr.i586.rpmTrustix Secure Linux 2.0
ftp://ftp.trustix.org/pub/trustix/updates/
Trustix mod_php4-im

参考网址

来源: XF
名称: php-memorylimit-code-execution(16693)
链接:http://xforce.iss.net/xforce/xfdb/16693

来源: TRUSTIX
名称: 2004-0039
链接:http://www.trustix.org/errata/2004/0039/

来源: REDHAT
名称: RHSA-2004:405
链接:http://www.redhat.com/support/errata/RHSA-2004-405.html

来源: REDHAT
名称: RHSA-2004:395
链接:http://www.redhat.com/support/errata/RHSA-2004-395.html

来源: REDHAT
名称: RHSA-2004:392
链接:http://www.redhat.com/support/errata/RHSA-2004-392.html

来源: SUSE
名称: SUSE-SA:2004:021
链接:http://www.novell.com/linux/security/advisories/2004_21_php4.html

来源: MANDRAKE
名称: MDKSA-2004:068
链接:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068

来源: GENTOO
名称: GLSA-200407-13
链接:http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml

来源: DEBIAN
名称: DSA-669
链接:http://www.debian.org/security/2005/dsa-669

来源: DEBIAN
名称: DSA-531
链接:http://www.debian.org/security/2004/dsa-531

来源: OVAL
名称: oval:org.mitre.oval:def:10896
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10896

来源: BUGTRAQ
名称: 20040713 Advisory 11/2004: PHP memory_limit remote vulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108981780109154&w=2

来源: FULLDISC
名称: 20040714 Advisory 11/2004: PHP memory_limit remote vulnerability
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023908.html

来源: GENTOO
名称: GLSA-200407-13
链接:http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml

来源: BID
名称: 10725
链接:http://www.securityfocus.com/bid/10725

来源: REDHAT
名称: RHSA-2005:816
链接:http://www.redhat.com/support/errata/RHSA-2005-816.html

来源: HP
名称: SSRT4777
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=109181600614477&w=2

来源: BUGTRAQ
名称: 20040722 [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=109051444105182&w=2

来源: BUGTRAQ
名称: 20040714 TSSA-2004-013 – php
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108982983426031&w=2

来源: CONECTIVA
名称: CLA-2004:847
链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847