Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0594

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2004-0594
Last Modified 07 Mar 2011 09:16:03
Published 27 Jul 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2004-0594

Summary

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.

Vulnerable Systems

Operating System

  • Redhat Fedora Core Core 1.0

  • Redhat Fedora Core Core 2.0

  • Trustix Secure Linux 1.5

  • Trustix Secure Linux 2.0

  • Trustix Secure Linux 2.1

Application

  • Avaya Integrated Management

  • Php 3.0

  • Php 3.0.1

  • Php 3.0.10

  • Php 3.0.11

  • Php 3.0.12

  • Php 3.0.13

  • Php 3.0.14

  • Php 3.0.15

  • Php 3.0.16

  • Php 3.0.17

  • Php 3.0.18

  • Php 3.0.2

  • Php 3.0.3

  • Php 3.0.4

  • Php 3.0.5

  • Php 3.0.6

  • Php 3.0.7

  • Php 3.0.8

  • Php 3.0.9

  • Php 4.0

  • Php 4.0.1

  • Php 4.0.2

  • Php 4.0.3

  • Php 4.0.4

  • Php 4.0.5

  • Php 4.0.6

  • Php 4.0.7

  • Php 4.1.0

  • Php 4.1.1

  • Php 4.1.2

  • Php 4.2

  • Php 4.2.0

  • Php 4.2.1

  • Php 4.2.2

  • Php 4.2.3

  • Php 4.3

  • Php 4.3.1

  • Php 4.3.2

  • Php 4.3.3

  • Php 4.3.5

  • Php 4.3.6

  • Php 4.3.7

  • Php 5.0


References

XF - php-memorylimit-code-execution(16693)

TRUSTIX - 2004-0039

REDHAT - RHSA-2004:405

REDHAT - RHSA-2004:395

REDHAT - RHSA-2004:392

SUSE - SUSE-SA:2004:021

MANDRAKE - MDKSA-2004:068

GENTOO - GLSA-200407-13

DEBIAN - DSA-669

DEBIAN - DSA-531

BUGTRAQ - 20040713 Advisory 11/2004: PHP memory_limit remote vulnerability

FULLDISC - 20040714 Advisory 11/2004: PHP memory_limit remote vulnerability

BID - 10725

REDHAT - RHSA-2005:816

HP - SSRT4777

BUGTRAQ - 20040722 [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php)

BUGTRAQ - 20040714 TSSA-2004-013 - php

CONECTIVA - CLA-2004:847


Last Updated: 27 May 2016 10:38:40