CVE-2004-1018

PHP <4.3.10 - RCE

Title source: llm

Description

Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Slythers · textdosphp

https://www.exploit-db.com/exploits/24855

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Stefan Esser · textdosphp

https://www.exploit-db.com/exploits/24854

View Code ZIP pw:eip

References (15)

Core 15

Core References

Third Party Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2005-032.html

Third Party Advisory vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10949

Third Party Advisory vendor-advisory x_refsource_mandrake

http://www.mandriva.com/security/advisories?name=MDKSA-2005:072

Release Notes, Vendor Advisory x_refsource_confirm

http://www.php.net/release_4_3_10.php

Broken Link vdb-entry x_refsource_osvdb

http://www.osvdb.org/12411

Third Party Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2005-816.html

Third Party Advisory vendor-advisory x_refsource_mandrake

http://www.mandriva.com/security/advisories?name=MDKSA-2004:151

Third Party Advisory x_refsource_misc

http://www.hardened-php.net/advisories/012004.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/18515

Broken Link vendor-advisory x_refsource_fedora

https://bugzilla.fedora.us/show_bug.cgi?id=2344

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/384920

Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp

http://www.securityfocus.com/advisories/9028

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/12045

Issue Tracking, Third Party Advisory mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=110314318531298&w=2

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://www.ubuntu.com/usn/usn-99-1/

Scores

EPSS 0.2419

EPSS Percentile 96.1%

Details

Status published

Products (2)

canonical/ubuntu_linux 4.10

php/php < 4.3.10

Published Jan 10, 2005

Tracked Since Feb 18, 2026