Computer Security
[EN] securityvulns.ru no-pyccku


PHP invalid session id and session_regenerate_id() function double free() vulnerability
Published:17.03.2007
Source:
SecurityVulns ID:7421
Type:library
Threat Level:
5/10
Description:Race conditions on session identifier freeing can lead to double free() operation.
Affected:PHP : PHP 5.2
CVE:CVE-2007-1522 (Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors.)
 CVE-2007-1521 (Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation.)
Original documentdocumentPHP-SECURITY, MOPB-23-2007:PHP 5 Rejected Session Identifier Double Free Vulnerability (17.03.2007)
 documentPHP-SECURITY, MOPB-22-2007:PHP session_regenerate_id() Double Free Vulnerability (17.03.2007)
Files:PHP 5 session_regenerate_id() Double Free Exploit
 PHP 5 Rejected Session ID Double Free Exploit

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod