Site Network: | | Jongsma & Jongsma

Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.

Username: | Password: Contact us to request an account

PHP - Local hacker automatic denial of service

Version: At least version 5.2.3
Technical Details:

PHP's glob function overwrites the EIP register with the first four bytes of the current filename encountered with glob, when a negative integer is set as the flag (optional setting). This leads to a Denial of Service condition for PHP. If the attacker is able to fill other sections of memory with code of their choice, then this vulnerability can be very simply extended to an arbitrary code execution exploit.


An interesting Denial of Service vulnerability has been released for PHP, allowing an attacker who can write arbitrary PHP code to be able to crash PHP and potentially take over the vulnerable server (yet to be tested).

This vulnerability is only of moderate risk at the moment, but if reliable control and exploitation can be achieved - leading to system control, then it will be a Critical risk especially for administrators and owners of systems where virtual hosting is used to allow multiple users access to PHP.


Consider restricting the access to setting flags in glob to authorised users only, or consider replacing calls to glob with equivalent code.


Not Yet Available




External Tracking Data:

Not Yet Identified

Social bookmark this page