Computer Security
[EN] no-pyccku

PHP php_binary / WDDX information leak
SecurityVulns ID:7355
Threat Level:
Description:Fragment of heap memory may be red because of missed variable length checking.
Affected:PHP : PHP 4.4
 PHP : PHP 5.2
CVE:CVE-2007-1381 (The wddx_deserialize function in wddx.c and in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet with a malformed overlap of a STRING element, which triggers a buffer overflow.)
 CVE-2007-1380 (The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.)
Original documentdocumentPHP-SECURITY, MOPB-11-2007:PHP WDDX Session Deserialization Information Leak Vulnerability (06.03.2007)
 documentPHP-SECURITY, MOPB-10-2007:PHP php_binary Session Deserialization Information Leak Vulnerability (06.03.2007)
Files:Exploits PHP php_binary Session Deserialization Information Leak
 PHP WDDX Session Deserialization Stack Information Leak

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod