I know there is a lot going on with PHP right now, so this may need to be merged with another bug.
PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values are not overrun. A local attacker can exploit this vulnerability to execute arbitrary PHP scripts within the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
Note: It has been further reported in 'MOPB-04-2007:PHP 4 unserialize() ZVAL Reference Counter Overflow', that this issue may be remotely triggered in PHP 4.4.4 environs because many legacy PHP applications still use 'unserialize()' on user supplied data. 'Unserialize()' utilizes the '__wakeup()' method of deserialised objects in an unsafe manner that may lead to remote arbitrary code execution. This BID has been changed to reflect the possibility of remote exploitation in PHP 4.4.4 environments.
Reproducible: Didn't try
http://www.milw0rm.com/exploits/3396
Fixed in 4.4.5? So it's bug 167028, correct me if I'm wrong.
*** This bug has been marked as a duplicate of bug 167028 ***
Oops, sorry Falco, should be <= 4.4.5 according to http://www.securityfocus.com/bid/22765/info
So I gather that 4.4.5 is still vulnerable... Any comments?
There won't be any 4.4.5 in the tree.
*** This bug has been marked as a duplicate of bug 167028 ***