PHP PHP_Binary Heap Information Leak Vulnerability Network Vulnerability

Summary

PHP 'php_binary' serialization handler is prone to a heap- information leak. The vulnerability arises because of a missing boundary check in the extraction of variable names. A local attacker can exploit this issue to obtain sensitive information (such as heap offsets and canaries) that may aid in other attacks. These versions are affected: PHP4 versions prior to 4.4.5 PHP5 versions prior to 5.2.1 Updates are available.

Solution

This issue was previously disclosed to the PHP development team. It has been fixed in the latest releases.

References

http://www.php.net
http://www.securityfocus.com/bid/22805
http://www8.itrc.hp.com/service/cki/docDisplay.do?docId=c01056506

Updated on 2017-03-28

Severity

Classification

CVE CVE-2007-1380

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Struts Cross Site Scripting Vulnerability
Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
Apache Struts2 showcase namespace XSS Vulnerability
Admidio get_file.php Remote File Disclosure Vulnerability
Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability

Take action and discover your vulnerabilities