Computer Security
[EN] securityvulns.ru no-pyccku


PHP php_binary / WDDX information leak
Published:06.03.2007
Source:
SecurityVulns ID:7355
Type:remote
Threat Level:
5/10
Description:Fragment of heap memory may be red because of missed variable length checking.
Affected:PHP : PHP 4.4
 PHP : PHP 5.2
CVE:CVE-2007-1381 (The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet with a malformed overlap of a STRING element, which triggers a buffer overflow.)
 CVE-2007-1380 (The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.)
Original documentdocumentPHP-SECURITY, MOPB-11-2007:PHP WDDX Session Deserialization Information Leak Vulnerability (06.03.2007)
 documentPHP-SECURITY, MOPB-10-2007:PHP php_binary Session Deserialization Information Leak Vulnerability (06.03.2007)
Files:PHP WDDX Session Deserialization Stack Information Leak
 Exploits PHP php_binary Session Deserialization Information Leak

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod