CVE-2004-0594

Current Description

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.

Basic Data

Published: July 27, 2004
Last Modified: October 30, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: HIGH
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 5.1
Severity: MEDIUM
Exploitability Score: 4.9
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
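    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Hardware | Avaya | Converged Communications Server | 2.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Fedora Core | core_1.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Fedora Core | core_2.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Trustix | Secure Linux | 1.5 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Trustix | Secure Linux | 2.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Trustix | Secure Linux | 2.1 | * | * | * | * | * | * | * | | | |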
  • OR - Configuration 2
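    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Avaya | Integrated Management | * | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 3.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 3.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 3.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 3.0.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 3.0.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 3.0.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 3.0.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 3.0.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 3.0.8 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 3.0.9 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 3.0.10 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 3.0.11 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 3.0.12 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 3.0.13 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 3.0.14 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 3.0.15 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 3.0.16 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 3.0.17 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 3.0.18 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.0.1 | patch1 | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.0.1 | patch2 | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.0.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.0.3 | patch1 | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.0.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.0.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.0.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.0.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.0.7 | rc1 | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.0.7 | rc2 | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.0.7 | rc3 | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.1.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.1.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.1.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.2 | * | dev | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.2.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.2.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.2.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.2.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.3.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.3.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.3.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.3.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.3.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.3.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 4.3.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 5.0 | rc1 | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 5.0 | rc2 | * | * | * | * | * | * | | | |
    2.3 | Application | Php | Php | 5.0 | rc3 | * | * | * | * | * | * | | | |
    2.3 | Hardware | Avaya | S8300 | r2.0.0 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Avaya | S8300 | r2.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Avaya | S8500 | r2.0.0 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Avaya | S8500 | r2.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Avaya | S8700 | r2.0.0 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Avaya | S8700 | r2.0.1 | * | * | * | * | * | * | * | | | |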

Vulnerable Software List

Vendor | Product | Versions
Avaya | S8300 | r2.0.0, r2.0.1
Avaya | S8500 | r2.0.0, r2.0.1
Avaya | Integrated Management | *
Avaya | S8700 | r2.0.0, r2.0.1
Avaya | Converged Communications Server | 2.0
Redhat | Fedora Core | core_1.0, core_2.0
Php | Php | 3.0, 3.0.1, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.18, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.1.0, 4.1.1, 4.1.2, 4.2, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.5, 4.3.6, 4.3.7, 5.0
Trustix | Secure Linux | 1.5, 2.0, 2.1

References

Name | Source | URL | Tags
CLA-2004:847 | CONECTIVA | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847 |
20040714 Advisory 11/2004: PHP memory_limit remote vulnerability | FULLDISC | http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023908.html |
20040713 Advisory 11/2004: PHP memory_limit remote vulnerability | BUGTRAQ | http://marc.info/?l=bugtraq&m=108981780109154&w=2 |
20040714 TSSA-2004-013 - php | BUGTRAQ | http://marc.info/?l=bugtraq&m=108982983426031&w=2 |
20040722 [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php) | BUGTRAQ | http://marc.info/?l=bugtraq&m=109051444105182&w=2 |
SSRT4777 | HP | http://marc.info/?l=bugtraq&m=109181600614477&w=2 |
DSA-531 | DEBIAN | http://www.debian.org/security/2004/dsa-531 |
DSA-669 | DEBIAN | http://www.debian.org/security/2005/dsa-669 |
GLSA-200407-13 | GENTOO | http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml |
MDKSA-2004:068 | MANDRAKE | http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068 |
SUSE-SA:2004:021 | SUSE | http://www.novell.com/linux/security/advisories/2004_21_php4.html |
RHSA-2004:392 | REDHAT | http://www.redhat.com/support/errata/RHSA-2004-392.html |
RHSA-2004:395 | REDHAT | http://www.redhat.com/support/errata/RHSA-2004-395.html |
RHSA-2004:405 | REDHAT | http://www.redhat.com/support/errata/RHSA-2004-405.html |
RHSA-2005:816 | REDHAT | http://www.redhat.com/support/errata/RHSA-2005-816.html |
10725 | BID | http://www.securityfocus.com/bid/10725 |
2004-0039 | TRUSTIX | http://www.trustix.org/errata/2004/0039/ |
php-memorylimit-code-execution(16693) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/16693 |
oval:org.mitre.oval:def:10896 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10896 |