PHP Interbase Extension Multiple Remote Buffer Overflow Vulnerabilities

PHP Interbase Extension Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 22976
Remote: Yes
Date Published: 2007-03-15
Relevant URL: http://www.securityfocus.com/bid/22976

Summary:
The PHP Interbase extension is prone to multiple remote buffer-overflow vulnerabilities because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit these issues to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP 4.4.6 and prior versions on Microsoft Windows are vulnerable; other versions may also be affected.

I don’t know if FB uses separate code, but probably the connectivity to FB is affected as well.

C.
—
Claudio Valderrama C.
SW developer, consultant.
http://www.cvalde.net – http://www.firebirdsql.org