Red Hat Bugzilla – Bug 127642
CAN-2004-0594 PHP memory_limit issue
Last modified: 2007-11-30 17:07:02 EST
An issue has been found in PHP memory_limit. When the memory_limit is
reached, PHP simply starts request termination, which can abort in
unsafe places. Reported to vendor-sec on July 07 2004.
This issue also affects RHEL 2.1
This issue has been designated CAN-2004-0594
This is going to be RHSA-2004:392
Issue description and mitigating factors:
A memory handling bug in versions of PHP 4 earlier than 4.3.8 has been
discovered by Stefan Esser. If a remote attacker can force the PHP
interpreter to allocate more memory than the "memory_limit" setting in
the PHP configuration before script execution begins, then the
attacker may be able to exploit the interpreter to execute arbitrary
code as the 'apache' user.
The remote attacker may be able to force a large memory allocation
necessary to exploit this issue if using a non-default PHP
configuration with the "register_defaults" setting changed to "On", or
if using a version of Apache httpd 2.0 which is vulnerable to CVE
CAN-2004-0493. In the default configuration, there are no known
methods for exploiting this bug.
These issues are public:
Since you are rebuilding, adding back the -devel package "would be
cool". Even if it is not released to RHN, being able to 'rpm
--rebuild' would work.
The devel package is produced by rebuilding the PHP source rpm even in
the U2 package; the plan is to include it in RHN from U3 onwards.
Second one is:
Per this URL:
...the synopsis above in comment #6 isn't quite correct. It's
"register_globals", not "register_defaults", if I'm reading it properly.
An errata has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
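
Added example, not part of the bug report or of Red Hat's tooling: a triage check for the mitigating factors in the issue description above, using the directive name register_globals from the later correction comment. The function names, status strings and sample php.ini are constructed for illustration, and the pre-4.2.0 default of On for register_globals is upstream PHP behaviour rather than something stated in this report.

```python
import re

FIXED = (4, 3, 8)  # the description says PHP 4 releases before 4.3.8 are affected

def parse_ini(text):
    """Return {directive: value} from php.ini text; the last assignment wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment (quoted ';' not handled)
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip("\"'")
    return settings

def ini_on(value):
    """php.ini boolean: On, 1, true and yes all enable a flag."""
    return value.strip().lower() in ("1", "on", "true", "yes")

def assess(php_version, ini_text, httpd_has_can_2004_0493=False):
    """Classify a host as 'not-covered', 'no-known-vector' or 'vector-present'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", php_version)
    if not m:
        raise ValueError("unrecognised PHP version: %r" % php_version)
    version = tuple(int(p) for p in m.groups())
    if version[0] != 4 or version >= FIXED:
        return "not-covered", []  # outside "PHP 4 earlier than 4.3.8"
    ini = parse_ini(ini_text)
    # Assumption from upstream PHP: the built-in default was On before 4.2.0.
    default = "On" if version < (4, 2, 0) else "Off"
    reasons = []
    if ini_on(ini.get("register_globals", default)):
        reasons.append("register_globals is On")
    if httpd_has_can_2004_0493:
        reasons.append("httpd is vulnerable to CAN-2004-0493")
    return ("vector-present" if reasons else "no-known-vector"), reasons

# Constructed sample php.ini, not taken from any real host.
SAMPLE_INI = """
[PHP]
memory_limit = 8M        ; per-script cap
register_globals = Off
; register_globals = On  (commented out, must be ignored)
register_globals = On    ; a later line overrides the earlier one
"""

if __name__ == "__main__":
    print(assess("4.3.2", SAMPLE_INI))
```

Distribution packages that backport the fix keep an older upstream version string, so on a patched host the installed package release from the erratum is the authoritative check, not the PHP version number.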