PHP QUERY_STRING Parameters and Buffer Overflow Vulnerabilities

Secunia ID	SA49014
CVE-ID	CVE-2012-1823, CVE-2012-2311, CVE-2012-2329, CVE-2012-2335, CVE-2012-2336
Release Date	04 May 2012
Last Change	14 May 2012
Criticality	Highly Critical
Solution Status	Vendor Patch
Software	PHP 5.3.x PHP 5.4.x
Where	From remote
Impact	System access This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. Exposure of sensitive information Vulnerabilities where documents or credentials are leaked or can be revealed either locally or from remote.
Description	Two vulnerabilities have been reported in PHP, which can be exploited by malicious people to disclose certain sensitive information or compromise a vulnerable system. 1) An error when parsing certain QUERY_STRING parameters can be exploited to e.g. disclose the PHP source code or execute arbitrary code. This vulnerability is reported in versions 5.3.12 and prior and versions 5.4.2 and prior. 2) An error in the "apache_request_headers()" function can be exploited to cause a buffer overflow. NOTE: This vulnerability affects version 5.4 only.
Solution	Update to versions 5.4.3 and 5.3.13.
Reported by	1) De Eindbazen 2) Reported in PHP bug report.
Original Advisory	PHP: https://bugs.php.net/bug.php?id=61910 https://bugs.php.net/bug.php?id=61807 http://www.php.net/archive/2012.php#id2012-05-08-1 De Eindbazen: http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ US-CERT VU#520827: http://www.kb.cert.org/vuls/id/520827

© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.