Computer Security

PHP php_binary / WDDX information leak
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



PHP php_binary / WDDX information leak
Published:06.03.2007
Source:PHP-SECURITY
SecurityVulns ID:7355
Type:remote
Level:5/10
Description:Fragment of heap memory may be red because of missed variable length checking.
Affected:PHP : PHP 4.4
 PHP : PHP 5.2
CVE:CVE-2007-1381 (The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet with a malformed overlap of a STRING element, which triggers a buffer overflow.)
 CVE-2007-1380 (The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.)
Original documentdocumentPHP-SECURITY, MOPB-11-2007:PHP WDDX Session Deserialization Information Leak Vulnerability (06.03.2007)
 documentPHP-SECURITY, MOPB-10-2007:PHP php_binary Session Deserialization Information Leak Vulnerability (06.03.2007)
Files:PHP WDDX Session Deserialization Stack Information Leak
 Exploits PHP php_binary Session Deserialization Information Leak
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru