Gentoo Forums
[ GLSA 200804-07 ] PECL APC: Buffer Overflow
GLSA
Posted: Wed Apr 09, 2008 10:26 am    Post subject: [ GLSA 200804-07 ] PECL APC: Buffer Overflow

Gentoo Linux Security Advisory

Title: PECL APC: Buffer Overflow (GLSA 200804-07)
Severity: high
Exploitable: remote
Date: April 09, 2008
Bug(s): #214576
ID: 200804-07

Synopsis


A buffer overflow vulnerability in PECL APC might allow for the remote
execution of arbitrary code.


Background


PECL Alternative PHP Cache (PECL APC) is a free, open, and robust
framework for caching and optimizing PHP intermediate code.


Affected Packages

Package: dev-php5/pecl-apc
Vulnerable: < 3.0.16-r1
Unaffected: >= 3.0.16-r1
Architectures: All supported architectures


Description


Daniel Papasian discovered a stack-based buffer overflow in the
apc_search_paths() function in the file apc.c when processing long
filenames.


Impact


A remote attacker could exploit this vulnerability to execute arbitrary
code in PHP applications that pass user-controlled input to the
include() function.


Workaround


There is no known workaround at this time.


Resolution


All PECL APC users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php5/pecl-apc-3.0.16-r1"


References

CVE-2008-1488


Last edited by GLSA on Thu Jun 20, 2013 4:26 am; edited 2 times in total
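The bug class named in the Description above (a long filename handled in a fixed-size stack buffer by a path-search routine), sketched as an added example; this is not the APC source or the upstream fix. It assumes the routine joins each search directory with the filename, and `PATH_BUF`, `DIRS`, `join_path`, `fake_exists` and `search_paths` are hypothetical names chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 64  /* small stand-in for a MAXPATHLEN-sized stack buffer (assumption) */

/* Unsafe pattern, kept as a comment so nothing here actually overflows:
 *   char path[PATH_BUF]; sprintf(path, "%s/%s", dir, name);   (no bound on name) */
/* Constructed sample search path. */
static const char *const DIRS[] = { "/opt/app", "/usr/share/php" };

/* Build "dir/name" in out; 0 on success, -1 if the result would not fit. */
static int join_path(char *out, size_t outsz, const char *dir, const char *name)
{
    int n = snprintf(out, outsz, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outsz) {  /* snprintf returns the untruncated length */
        if (outsz > 0) out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Hypothetical stand-in for a stat() call so the example needs no real files. */
static int fake_exists(const char *path)
{
    return strcmp(path, "/usr/share/php/lib.php") == 0;
}

/* 1 = found (path in found), 0 = not found, -1 = a candidate was too long. */
static int search_paths(const char *const *dirs, size_t ndirs, const char *name,
                        char *found, size_t foundsz)
{
    char candidate[PATH_BUF];           /* fixed-size stack buffer */
    int too_long = 0;
    for (size_t i = 0; i < ndirs; i++) {
        if (join_path(candidate, sizeof candidate, dirs[i], name) != 0) {
            too_long = 1;               /* reject; never truncate or overflow */
            continue;
        }
        if (fake_exists(candidate))
            return join_path(found, foundsz, dirs[i], name) == 0 ? 1 : -1;
    }
    return too_long ? -1 : 0;
}

int main(void)
{
    char found[PATH_BUF];
    return search_paths(DIRS, 2, "lib.php", found, sizeof found) == 1 ? 0 : 1;
}
```

Reporting an over-long candidate as an error, rather than silently truncating it, keeps a shortened path from resolving to a different file than the caller asked for.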