Vigil@nce - PHP: buffer overflow of ibase_gen_id
August 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can create a PHP script using ibase_gen_id() in order
to execute code.
Severity: 2/4
Creation date: 19/08/2010
DESCRIPTION OF THE VULNERABILITY
The PHP function ibase_gen_id() increments the named generator and
returns its new value.
It takes the name of the generator in first arguments. This is a
string which its copied in a local fixed size buffer. However, the
ibase_gen_id() function verifies incorrectly the size of the first
parameter. A attacker can therefore use ibase_gen_id() in order to
generate an overflow.
An attacker can therefore create a PHP script using ibase_gen_id()
in order to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/PHP-buffer-overflow-of-ibase-gen-id-9856