Title: PHP php_formatted_print Function 64 Bit Casting Memory Corruption
Mar 30, 2007
PHP contains a flaw that may allow a context-dependent attacker to gain elevated privileges. The issue is due to an integer signedness error in the printf function family as used on 64 bit machines. When a negative argument number is passed to the php_formatted_print function before a 64 to 32 bit truncation, it may bypass a check for the maximum allowable value causing memory corruption. This may allow an attacker to execute arbitrary code.
Local Access Required,
Remote / Network Access
Loss of Integrity
Upgrade to version 5.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.