Vulnerability Name: CVE-2004-1018 (CCN-18515)
Assigned: 2004-12-15
Published: 2004-12-15
Updated: 2020-12-08

Summary: Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function.
Note: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.

CVSS v3 Severity:
  10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
    Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
    Scope: Scope (S): Changed
    Impact Metrics: Confidentiality (C): High; Integrity (I): High; Availability (A): High

CVSS v2 Severity:
  10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
    Impact Metrics: Confidentiality (C): Complete; Integrity (I): Complete; Availability (A): Complete
  10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
    Impact Metrics: Confidentiality (C): Complete; Integrity (I): Complete; Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Other

References:
  Source: CCN; Type: BugTraq Mailing List, Wed Dec 15 2004 - 12:46:20 CST; Advisory 01/2004: Multiple vulnerabilities in PHP 4/5
  Source: CCN; Type: BugTraq Mailing List, Sun Dec 19 2004 - 12:40:54 CST; PHP shmop.c module permits write of arbitrary memory.
  Source: MITRE; Type: CNA; CVE-2004-1018
  Source: BUGTRAQ; Type: Issue Tracking, Third Party Advisory; 20041215 Advisory 01/2004: Multiple vulnerabilities in PHP 4/5
  Source: CCN; Type: RHSA-2004-687; php security update
  Source: CCN; Type: RHSA-2005-031; php security update
  Source: CCN; Type: RHSA-2005-032; php security update
  Source: CCN; Type: RHSA-2005-816; apache
  Source: MISC; Type: Third Party Advisory; http://www.hardened-php.net/advisories/012004.txt
  Source: MANDRAKE; Type: Third Party Advisory; MDKSA-2004:151
  Source: MANDRAKE; Type: Third Party Advisory; MDKSA-2005:072
  Source: CCN; Type: OpenPKG-SA-2004.053; PHP
  Source: OSVDB; Type: Broken Link; 12411
  Source: CCN; Type: OSVDB ID: 12411; PHP unpack() Function Heap Information Leak
  Source: CCN; Type: PHP Web site; PHP 4.3.10 Release Announcement
  Source: CONFIRM; Type: Release Notes, Vendor Advisory; http://www.php.net/release_4_3_10.php
  Source: REDHAT; Type: Third Party Advisory; RHSA-2005:032
  Source: REDHAT; Type: Third Party Advisory; RHSA-2005:816
  Source: HP; Type: Third Party Advisory, VDB Entry; HPSBMA01212
  Source: BUGTRAQ; Type: Third Party Advisory, VDB Entry; 20041219 PHP shmop.c module permits write of arbitrary memory.
  Source: BID; Type: Third Party Advisory, VDB Entry; 12045
  Source: CCN; Type: BID-12045; PHP Shared Memory Module Offset Memory Corruption Vulnerability
  Source: CCN; Type: TLSA-2005-50; Multiple vulnerabilities exist in php
  Source: CCN; Type: USN-66-1; PHP vulnerabilities
  Source: CCN; Type: USN-99-1; PHP4 vulnerabilities
  Source: FEDORA; Type: Broken Link; FLSA:2344
  Source: XF; Type: Third Party Advisory, VDB Entry; php-shmopwrite-outofbounds-memory(18515)
  Source: XF; Type: UNKNOWN; php-shmopwrite-outofbounds-memory(18515)
  Source: OVAL; Type: Third Party Advisory; oval:org.mitre.oval:def:10949
  Source: UBUNTU; Type: Third Party Advisory; USN-99-1

Vulnerable Configuration:
  Configuration 1:
    cpe:/a:php:php:*:*:*:*:*:*:*:* (Version < 4.3.10)
  Configuration 2:
    cpe:/o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*
  Configuration RedHat 1:
    cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*
  Configuration CCN 1:
    cpe:/a:php:php:4.0.5:-:*:*:*:*:*:* OR
    cpe:/a:php:php:4.1.1:*:*:*:*:*:*:* OR
    cpe:/a:php:php:4.2.0:-:*:*:*:*:*:* OR
    cpe:/a:php:php:4.2.1:-:*:*:*:*:*:* OR
    cpe:/a:php:php:4.2.3:-:*:*:*:*:*:* OR
    cpe:/a:php:php:4.2.2:*:*:*:*:*:*:* OR
    cpe:/a:php:php:4.3.0:-:*:*:*:*:*:* OR
    cpe:/a:php:php:4.3.4:-:*:*:*:*:*:* OR
    cpe:/a:php:php:4.3.9:*:*:*:*:*:*:* OR
    cpe:/a:php:php:5.0.0:-:*:*:*:*:*:* OR
    cpe:/a:php:php:4.3.3:-:*:*:*:*:*:* OR
    cpe:/a:php:php:5.0.2:-:*:*:*:*:*:* OR
    cpe:/a:php:php:4.0.0:*:*:*:*:*:*:* OR
    cpe:/a:php:php:4.0.1:-:*:*:*:*:*:* OR
    cpe:/a:php:php:4.0.2:*:*:*:*:*:*:* OR
    cpe:/a:php:php:4.0.3:*:*:*:*:*:*:* OR
    cpe:/a:php:php:4.0.4:-:*:*:*:*:*:* OR
    cpe:/a:php:php:4.0.6:-:*:*:*:*:*:* OR
    cpe:/a:php:php:4.0.7:-:*:*:*:*:*:* OR
    cpe:/a:php:php:4.0:beta_4_patch1:*:*:*:*:*:* OR
    cpe:/a:php:php:4.0:beta1:*:*:*:*:*:* OR
    cpe:/a:php:php:4.0:beta2:*:*:*:*:*:* OR
    cpe:/a:php:php:4.0:beta3:*:*:*:*:*:* OR
    cpe:/a:php:php:4.0:beta4:*:*:*:*:*:* OR
    cpe:/a:php:php:4.1.0:-:*:*:*:*:*:* OR
    cpe:/a:php:php:4.1.2:*:*:*:*:*:*:* OR
    cpe:/a:php:php:4.3.1:*:*:*:*:*:*:* OR
    cpe:/a:php:php:4.3.2:-:*:*:*:*:*:* OR
    cpe:/a:php:php:4.3.5:-:*:*:*:*:*:* OR
    cpe:/a:php:php:4.3.6:-:*:*:*:*:*:* OR
    cpe:/a:php:php:4.3.7:-:*:*:*:*:*:* OR
    cpe:/a:php:php:4.3.8:*:*:*:*:*:*:* OR
    cpe:/a:php:php:5.0.0:beta1:*:*:*:*:*:* OR
    cpe:/a:php:php:5.0.0:beta2:*:*:*:*:*:* OR
    cpe:/a:php:php:5.0.0:beta3:*:*:*:*:*:* OR
    cpe:/a:php:php:5.0.0:beta4:*:*:*:*:*:* OR
    cpe:/a:php:php:5.0.0:rc1:*:*:*:*:*:* OR
    cpe:/a:php:php:5.0.0:rc2:*:*:*:*:*:* OR
    cpe:/a:php:php:5.0.0:rc3:*:*:*:*:*:* OR
    cpe:/a:php:php:5.0.1:-:*:*:*:*:*:* OR
    cpe:/a:php:php:4.0:rc1:*:*:*:*:*:* OR
    cpe:/a:php:php:4.0:rc2:*:*:*:*:*:*
    AND
    cpe:/a:redhat:stronghold:-:*:*:*:*:*:*:* OR
    cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:* OR
    cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:* OR
    cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:* OR
    cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:* OR
    cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:* OR
    cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:* OR
    cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:* OR
    cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:* OR
    cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:* OR
    cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:* OR
    cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:* OR
    cpe:/a:openpkg:openpkg:2.1:*:*:*:*:*:*:* OR
    cpe:/a:openpkg:openpkg:2.2:*:*:*:*:*:*:* OR
    cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:* OR
    cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* OR
    cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* OR
    cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* OR
    cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* OR
    cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:* OR
    cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:* OR
    cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:* OR
    cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:* OR
    cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:* OR
    cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

Oval Definitions:
  Definition ID: oval:org.mitre.oval:def:10949
  Class: V
  Title: Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
  Last Modified: 2013-04-29

  Definition ID: oval:com.redhat.rhsa:def:20050032
  Class: P
  Title: RHSA-2005:032: php security update (Important)
  Last Modified: 2005-02-15

  Definition ID: oval:com.redhat.rhsa:def:20040687
  Class: P
  Title: RHSA-2004:687: php security update (Important)
  Last Modified: 2004-12-21