SECUNIA ADVISORY ID: SA29509
VERIFY ADVISORY: http://secunia.com/advisories/29509/
CRITICAL: Moderately critical
IMPACT: Security Bypass, DoS, System access
SOFTWARE: PECL Alternative PHP Cache (APC) Extension 3.x - http://secunia.com/product/18046/
SOLUTION: Update to version 3.0.17. - http://pecl.php.net/package/APC/3.0.17
DESCRIPTION: Daniel Papasian has reported a vulnerability in the PECL Alternative PHP Cache (APC) extension, which can be exploited by malicious users to bypass certain security restrictions and potentially by malicious people to compromise a vulnerable system. The vulnerability is reported in version 3.0.16. Other versions may also be affected.
The vulnerability is caused by a boundary error in the "apc_search_paths" function in apc.c. This can be exploited to cause a stack-based buffer overflow, e.g. via a specially crafted, overly long filename passed to the "include()" function. Successful exploitation allows execution of arbitrary code.
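The following C example is added here for illustration and is not APC's source or code from the advisory: it shows a path-search routine that builds each candidate in a fixed-size stack buffer and refuses an overly long filename instead of copying it unchecked. The function name `search_paths_bounded`, the `PATH_BUF` size and the return codes are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

#define PATH_BUF 4096 /* assumed buffer size, not taken from APC */

/* Hypothetical helper, NOT APC's apc_search_paths(): look for `filename` in
 * each directory of the colon-separated `path_list`.
 * Returns 0 and fills `out` on success, -1 if the file was not found,
 * -2 if a candidate path did not fit and was rejected. */
int search_paths_bounded(const char *filename, const char *path_list,
                         char *out, size_t out_len)
{
    char candidate[PATH_BUF]; /* fixed-size stack buffer, the risky spot */
    struct stat st;
    const char *p = path_list;
    int too_long = 0;

    while (*p) {
        size_t dir_len = strcspn(p, ":");
        /* An unchecked sprintf()/strcpy() here would write past `candidate`
         * for a long filename. snprintf() never does, and returns the length
         * it needed, so truncation can be detected and refused. */
        int n = snprintf(candidate, sizeof candidate, "%.*s/%s",
                         (int)dir_len, p, filename);
        if (n < 0 || (size_t)n >= sizeof candidate) {
            too_long = 1; /* reject, never use a truncated path */
        } else if (stat(candidate, &st) == 0) {
            if ((size_t)n >= out_len)
                return -2;
            memcpy(out, candidate, (size_t)n + 1);
            return 0;
        }
        p += dir_len;
        if (*p == ':')
            p++;
    }
    return too_long ? -2 : -1;
}

int main(void)
{
    char out[PATH_BUF], big[2 * PATH_BUF]; /* constructed sample input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("long name -> %d\n", search_paths_bounded(big, "/", out, sizeof out));
    printf("'.' in '/' -> %d\n", search_paths_bounded(".", "/", out, sizeof out));
    return 0;
}
```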
PROVIDED AND/OR DISCOVERED BY: Daniel Papasian
ORIGINAL ADVISORY: PECL APC: http://pecl.php.net/bugs/bug.php?id=13415
Daniel Papasian: http://papasian.org/~dannyp/apcsmash.php.txt
PECL Alternative PHP Cache "apc_search_paths" Buffer Overflow Vulnerability
Posted on Wednesday, March 26, 2008 @ 23:06:57 CDT in Security