Computer Security

PHP shmop information leak
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



PHP shmop information leak
Published:10.03.2007
Source:PHP-SECURITY
SecurityVulns ID:7373
Type:local
Level:5/10
Description:By using shared memory via shmop() function, script can obtain content of parent application's memory.
Affected:PHP : PHP 4.4
 PHP : PHP 5.2
CVE:CVE-2007-1376 (The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource.)
Original documentdocumentPHP-SECURITY, MOPB-15-2007:PHP shmop Functions Resource Verification Vulnerability (10.03.2007)
Files:PHP ext/shmop SSL RSA Private-Key Disclosure Exploit
 PHP ext/shmop Code Execution Exploit
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server