PHP Shared Memory Functions Resource Verification Arbitrary Code Execution Vulnerability Network Vulnerability

Summary

PHP shared memory functions (shmop) are prone to an arbitrary-code- execution vulnerability. An attacker may exploit this issue to execute arbitrary code within the context of the affected webserver. The attacker may also gain access to RSA keys of the SSL certificate. This issue affects PHP 4 versions prior to 4.4.5 and PHP 5 versions prior to 5.2.1.

Solution

The vendor released versions 4.4.5 and 5.2.1 to address this issue. Please see the references for more information.

References

http://www.php-security.org/MOPB/MOPB-15-2007.html
http://www.php.net
http://www.securityfocus.com/bid/22862

Updated on 2017-03-28

Severity

Classification

CVE CVE-2007-1376

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AWStats configdir parameter arbitrary cmd exec
AjaXplorer zoho plugin Directory Traversal Vulnerability
Admin Bot 'news.php' SQL Injection Vulnerability
Arkeia Appliance Multiple Vulnerabilities
Apache Axis2 Document Type Declaration Processing Security Vulnerability

Take action and discover your vulnerabilities