|
Systems Affected
PHP version 5.3.x.
PHP version 5.4.x.
PHP version 5.5.x.
Threat Level
Overview
A buffer overflow vulnerability has been reported in PHP, which could allow a remote attacker to execute arbitrary code on the target system.
Description
This vulnerability exists in "dns_get_record()" in "ext/standard/dns.c" in PHP due to inadequate bounds checking while parsing a DNS TXT record. A remote attacker could exploit this vulnerability via specially crafted DNS TXT record response, triggering a heap based buffer overflow.
Successful exploitation of the vulnerability could allow the attacker to execute arbitrary code on the system.
Impact
Solution/ Workarounds
Apply the patch available from the PHP GIT Repository
https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468
References
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
|
