Info

Disclosure

Mar 09, 2007

Discovery

Unknown

Dates

Exploit

Mar 09, 2007

Solution

Unknown

Description

A remote overflow exists in the PECL Zip extension. The application fails to perform a boundary check for the 'zip:// URL' when copying the data on stack resulting in a stack-based overflow. With a specially overlong 'zip:// URL', an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Upgrade to PECL Zip extension version 1.8.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

The PHP Group	PECL Zip	1.8.3
The PHP Group	PHP	5.2.0

References

CVE ID: 2007-1399 (see also: NVD)
Bugtraq ID: 22883
Secunia Advisory ID: 24471 24514 25938
ISS X-Force ID: 32889
Milw0rm: 3440
Exploit Database: 3440
VUPEN Advisory: ADV-2007-0898
Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html
http://www.php-security.org/MOPB/MOPB-16-2007.html
http://www.us.debian.org/security/2007/dsa-1330
Vendor URL: http://pecl.php.net/package/zip
Generic Exploit URL: http://www.php-security.org/MOPB/code/MOPB-16-2007.php

Credit

Stefan Esser - sesserhardened-php.net - www.hardened-php.net

Direct URL: http://osvdb.org/32782

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

The PHP Group

PECL Zip

PHP

References

Credit