Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

php socket_iovec_alloc() integer overflow Vulnerability Scan


Vulnerability Scan Summary
Checks for version of PHP

Detailed Explanation for this Vulnerability Test

The remote host is running a version of PHP which is
older than 4.3.2

There is a flaw in this version which may allow a possible hacker who has the
ability to inject an arbitrary argument to the function socket_iovec_alloc()
to crash the remote service and possibly to execute arbitrary code.

For this attack to work, PHP has to be compiled with the option
--enable-sockets (which is disabled by default), and a possible hacker needs to
be able to pass arbitrary values to socket_iovec_alloc().

Other functions are vulnerable to such flaws : openlog(), socket_recv(),
socket_recvfrom() and emalloc()

Solution : Upgrade to PHP 4.3.2
Threat Level: Low

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.