CVE-2004-1018

Current Description

Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.

Basic Data

Published: January 10, 2005
Last Modified: October 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 10.0
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

Vulnerable Software List

This CVE contains no version information.

References

Name | Source | URL | Tags
20041215 Advisory 01/2004: Multiple vulnerabilities in PHP 4/5 | BUGTRAQ | http://marc.info/?l=bugtraq&m=110314318531298&w=2 |
http://www.hardened-php.net/advisories/012004.txt | MISC | http://www.hardened-php.net/advisories/012004.txt |
MDKSA-2004:151 | MANDRAKE | http://www.mandriva.com/security/advisories?name=MDKSA-2004:151 |
MDKSA-2005:072 | MANDRAKE | http://www.mandriva.com/security/advisories?name=MDKSA-2005:072 |
12411 | OSVDB | http://www.osvdb.org/12411 |
http://www.php.net/release_4_3_10.php | CONFIRM | http://www.php.net/release_4_3_10.php |
RHSA-2005:032 | REDHAT | http://www.redhat.com/support/errata/RHSA-2005-032.html |
RHSA-2005:816 | REDHAT | http://www.redhat.com/support/errata/RHSA-2005-816.html |
HPSBMA01212 | HP | http://www.securityfocus.com/advisories/9028 |
20041219 PHP shmop.c module permits write of arbitrary memory. | BUGTRAQ | http://www.securityfocus.com/archive/1/384920 |
12045 | BID | http://www.securityfocus.com/bid/12045 |
FLSA:2344 | FEDORA | https://bugzilla.fedora.us/show_bug.cgi?id=2344 |
php-shmopwrite-outofbounds-memory(18515) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/18515 |
oval:org.mitre.oval:def:10949 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10949 |
USN-99-1 | UBUNTU | https://www.ubuntu.com/usn/usn-99-1/ |