CVE-2004-1018

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 4.3.10 PHP versions prior to 5.0.3

Description: The issue involves multiple integer handling errors in PHP, allowing attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code. This can be achieved through various means, including a negative offset value to the shmop write function, integer overflows/underflows in the pack and unpack functions. Additionally, vulnerabilities such as buffer overflows, information leaks, path truncation, and safe mode restriction bypasses have been discovered in functions like pack(), unpack(), safe mode exec dir, realpath(), and unserialize().

Recommendations: For PHP versions prior to 4.3.10, update to version 4.3.10 or later to resolve the issue. For PHP versions prior to 5.0.3, update to version 5.0.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of vulnerable functions such as pack(), unpack(), and unserialize() until a patch is available. Restrict access to the safe mode exec dir and realpath() functions to minimize the risk of exploitation.