Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 170583

Summary: dev-lang/php-4.4.6 snmpget buffer overflow
Product: Gentoo Security Reporter: Pierre-Yves Rofes (RETIRED) <py>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: normal CC: php-bugs
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://secunia.com/advisories/24440/
Whiteboard: B? [upstream] py
Package list:
Runtime testing required: ---

Description Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-03-12 15:43:37 UTC 
rgod has reported a vulnerability in PHP4, which can be exploited by
malicious people to bypass certain security restrictions.

The vulnerability is caused due to a boundary error in the
"snmpget()" function. This can be exploited to cause a stack-based
buffer overflow via an overly long argument and execute arbitrary
code, bypassing security restrictions like the "disable_functions"
directive.

The vulnerability is reported in version 4.4.6. Other versions may
also be affected.
Comment 1 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-03-14 00:44:31 UTC 
that's the MOPB, no need to open several bugs for the same app while noone of them is fixed yet.

*** This bug has been marked as a duplicate of bug 169372 ***