Computer Security
[EN] securityvulns.ru no-pyccku


PHP shmop information leak
Published:10.03.2007
Source:
SecurityVulns ID:7373
Type:local
Threat Level:
5/10
Description:By using shared memory via shmop() function, script can obtain content of parent application's memory.
Affected:PHP : PHP 4.4
 PHP : PHP 5.2
CVE:CVE-2007-1376 (The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource.)
Original documentdocumentPHP-SECURITY, MOPB-15-2007:PHP shmop Functions Resource Verification Vulnerability (10.03.2007)
Files:PHP ext/shmop Code Execution Exploit
 PHP ext/shmop SSL RSA Private-Key Disclosure Exploit

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod