CVE-2011-1938

Priority
Description
Stack-based buffer overflow in the socket_connect function in
ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow
context-dependent attackers to execute arbitrary code via a long pathname
for a UNIX socket.
Assigned-to
sbeattie
Notes
jdstrand: PoC in http://www.exploit-db.com/exploits/17318/
stack-protector should reduce to DoS, downgrading to low
mdeslaur: says 5.3.3, but reproducer works on lucid also
another PoC: http://www.exploit-db.com/exploits/17486/
Package
Source: php5 (LP Ubuntu Debian)
Upstream: needs-triage
Patches:
Upstream: http://svn.php.net/viewvc?view=revision&revision=311369
Upstream: http://svn.php.net/viewvc?view=revision&revision=311370
Debdiff: https://launchpad.net/bugs/813110
This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu. For more details see https://wiki.ubuntu.com/Security/Features#stack-protector

Updated: 2020-03-18 22:06:20 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)