Vigil@nce - PHP: buffer overflow of DNS TXT
June 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can trigger a buffer overflow in PHP via a DNS TXT
record, in order to cause a denial of service, and possibly to
execute code.
– Impacted products: Debian, openSUSE, PHP, Ubuntu
– Severity: 2/4
– Creation date: 12/06/2014
DESCRIPTION OF THE VULNERABILITY
The PHP dns_get_record() function obtains the DNS Resource Records
associated with a hostname.
However, if the size of TXT record data in the DNS reply is
greater than the size of the storage array, an overflow occurs.
An attacker can therefore trigger a buffer overflow in PHP via a
DNS TXT record, in order to cause a denial of service, and possibly
to execute code.
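An added example, not code from PHP or from this bulletin: a bounds-checked copy of TXT record data in C, showing the two length checks that prevent the kind of overflow described above. The function name, buffer sizes and sample records are assumptions constructed for illustration; the length-prefixed layout of TXT data follows RFC 1035.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not PHP's API). TXT RDATA is a sequence of
 * character-strings, each a one-byte length followed by that many bytes.
 * Concatenates them into out and NUL-terminates. Returns the number of
 * bytes written, or -1 if the record is malformed or does not fit. */
int txt_rdata_copy(const uint8_t *rdata, size_t rdlen, char *out, size_t outcap)
{
    size_t in = 0, written = 0;

    if (outcap == 0)
        return -1;
    while (in < rdlen) {
        size_t seg = rdata[in++];        /* length prefix, 0..255 */
        if (seg > rdlen - in)            /* claims more than the record holds */
            return -1;
        if (seg > outcap - 1 - written)  /* would overrun out (room kept for NUL) */
            return -1;
        memcpy(out + written, rdata + in, seg);
        written += seg;
        in += seg;
    }
    out[written] = '\0';
    return (int)written;
}

/* Constructed sample records, not captured traffic. */
static const uint8_t GOOD[]  = {5, 'h', 'e', 'l', 'l', 'o', 3, 'f', 'o', 'o'};
static const uint8_t LYING[] = {200, 'a', 'b'};  /* length byte exceeds RDATA */
static char buf[16], small[8];

int main(void)
{
    printf("well-formed:      %d\n", txt_rdata_copy(GOOD, sizeof GOOD, buf, sizeof buf));
    printf("lying length:     %d\n", txt_rdata_copy(LYING, sizeof LYING, buf, sizeof buf));
    printf("buffer too small: %d\n", txt_rdata_copy(GOOD, sizeof GOOD, small, sizeof small));
    return 0;
}
```

Both checks use subtraction on values already known to be in range, so neither comparison can wrap around.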
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/PHP-buffer-overflow-of-DNS-TXT-14894