[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96125

 
 

909

 
 

78020

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Null Byte Interaction Error (Poison Null Byte)

ID: 626Date: (C)2012-05-14   (M)2012-11-08
Type: weaknessStatus: DRAFT
Abstraction Type: Variant





Description

The product does not properly handle null bytes or NUL characters when passing data between different representations or components.

Extended Description

A null byte (NUL character) can have different meanings across representations or languages. For example, it is a string terminator in standard C libraries, but Perl and PHP strings do not treat it as a terminator. When two representations are crossed - such as when Perl or PHP invokes underlying C functionality - this can produce an interaction error with unexpected results. Similar issues have been reported for ASP. Other interpreters written in C might also be affected.

Applicable Platforms
Language: PHP
Language: Perl
Language: ASP.NET

Time Of Introduction

  • Implementation

Common Consequences

ScopeTechnical ImpactNotes
Integrity
 
Unexpected state
 
 

Detection Methods
None

Potential Mitigations

PhaseStrategyDescriptionEffectivenessNotes
Implementation
 
 Remove null bytes from all incoming strings.
 
  

Relationships

Related CWETypeViewChain
CWE-626 ChildOf CWE-896 Category CWE-888  

Demonstrative Examples
None

Observed Examples

  1. CVE-2005-4155 : NUL byte bypasses PHP regular expression check
  2. CVE-2005-3153 : inserting SQL after a NUL byte bypasses whitelist regexp, enabling SQL injection

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings
None

References:

  1. Rain Forest Puppy .Poison NULL byte. Phrack 55.
  2. Brett Moore .0x00 vs ASP file upload scripts.
  3. ShAnKaR .ShAnKaR: multiple PHP application poison NULL byte vulnerability.

© 2013 SecPod Technologies