CVE-2004-1018
PHP < 4.3.10 - Denial of Service and Arbitrary Code Execution via Integer Handling Errors
Title source: manualExploitation Summary
EIP tracks 2 public exploits for CVE-2004-1018. PoCs published by Slythers, Stefan Esser.
AI-analyzed exploit summary This is a vulnerability writeup describing multiple issues in PHP4 and PHP5, including heap-based buffer overflows, memory disclosure, and access control bypasses. It does not contain executable exploit code but references a binary exploit available elsewhere.
Description
Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
Exploits (2)
This is a vulnerability writeup describing multiple issues in PHP4 and PHP5, including heap-based buffer overflows, memory disclosure, and access control bypasses. It does not contain executable exploit code but references a binary exploit available elsewhere.
The exploit demonstrates multiple vulnerabilities in PHP4 and PHP5, including heap-based buffer overflows, memory disclosure, and deserialization flaws. The provided scripts showcase a segfault via unserialize() and a memory dump example, highlighting potential for remote code execution and information leakage.