oss-sec mailing list archives

Re: CVE Request: PHP PECL module APC vulnerable to stack-based buffer overflow

From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 24 Mar 2008 18:56:57 -0400 (EDT)


======================================================
Name: CVE-2008-1488
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1488
Reference: MISC:http://papasian.org/~dannyp/apcsmash.php.txt
Reference: CONFIRM:http://pecl.php.net/bugs/bug.php?id=13415

Stack-based buffer overflow in apc.c in Alternative PHP Cache (APC)
3.0.11 through 3.0.16 allows remote attackers to execute arbitrary
code via a long filename.

Current thread:

CVE Request: PHP PECL module APC vulnerable to stack-based buffer overflow Micah Anderson (Mar 22)
- Re: CVE Request: PHP PECL module APC vulnerable to stack-based buffer overflow Steven M. Christey (Mar 24)