Family: CGI abuses --> Category: infos
php socket_iovec_alloc() integer overflow Vulnerability Scan
Vulnerability Scan Summary
Checks for version of PHP
Detailed Explanation for this Vulnerability Test
The remote host is running a version of PHP which is
older than 4.3.2
There is a flaw in this version which may allow a possible hacker who has the
ability to inject an arbitrary argument to the function socket_iovec_alloc()
to crash the remote service and possibly to execute arbitrary code.
For this attack to work, PHP has to be compiled with the option
--enable-sockets (which is disabled by default), and a possible hacker needs to
be able to pass arbitrary values to socket_iovec_alloc().
Other functions are vulnerable to such flaws : openlog(), socket_recv(),
socket_recvfrom() and emalloc()
Solution : Upgrade to PHP 4.3.2
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.