FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0594

This CVE name corresponds to:

Entered Topic
2004-09-27 php -- memory_limit related vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2004-0594 at cve.mitre.org

Details

Type Candidate
Name CVE-2004-0594
Phase Assigned(20040623)

Description

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.

References

Source Reference
BUGTRAQ 20040713 Advisory 11/2004: PHP memory_limit remote vulnerability
FULLDISC 20040714 Advisory 11/2004: PHP memory_limit remote vulnerability
BUGTRAQ 20040714 TSSA-2004-013 - php
CONECTIVA CLA-2004:847
DEBIAN DSA-531
DEBIAN DSA-669
GENTOO GLSA-200407-13
HP SSRT4777
MANDRAKE MDKSA-2004:068
REDHAT RHSA-2004:392
REDHAT RHSA-2004:395
REDHAT RHSA-2004:405
REDHAT RHSA-2005:816
SUSE SUSE-SA:2004:021
TRUSTIX 2004-0039
BUGTRAQ 20040722 [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php)
BID 10725
OVAL oval:org.mitre.oval:def:10896
XF php-memorylimit-code-execution(16693)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.