Summary
PHP 'php_binary' serialization handler is prone to a heap- information leak.
The vulnerability arises because of a missing boundary check in the extraction of variable names. A local attacker can exploit this issue to obtain sensitive information (such as heap offsets and canaries) that may aid in other attacks.
These versions are affected:
PHP4 versions prior to 4.4.5 PHP5 versions prior to 5.2.1
Updates are available.
Solution
This issue was previously disclosed to the PHP development team. It has been fixed in the latest releases.
References
Severity
Classification
-
CVE CVE-2007-1380 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- @Mail 'MailType' Parameter Cross Site Scripting Vulnerability
- Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
- Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
- AbanteCart Multiple Cross-Site Scripting Vulnerabilities