Info

Disclosure

Mar 08, 2007

Discovery

Unknown

Dates

Exploit

Mar 08, 2007

Solution

Unknown

Description

PHP contains a flaw that may allow a malicious user to access arbitrary memory addresses. The issue is due to the shared memory (shmop) function failing to verify if the type of resource supplied is a shmop resource. By using other types of resources it is possible to read and write to shared memory addresses resulting in a loss of integrity and/or availability.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Public

Solution

Upgrade to PHP version 4.4.5, PHP version 5.1.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

The PHP Group	PHP	5.2.1
		4.4.5
		5.2.0
		5.1.x
		5.0.x
		4.x
		4.1.x
		4.2.x
		4.3.x
		4.0.0
		4.0.1
		4.0.2
		4.0.3
		4.0.4
		4.0.5
		4.0.6
		4.4.0
		4.4.1
		4.4.2
		4.4.3
		4.4.4

References

CVE ID: 2007-1376 (see also: NVD)
Bugtraq ID: 22862
Secunia Advisory ID: 24606 24606 25057 25062
Exploit Database: 3426 3427
Milw0rm: 3426 3427
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200703-21.xml
http://www.php-security.org/MOPB/MOPB-15-2007.html
http://www.ubuntu.com/usn/usn-455-1
http://www.us.debian.org/security/2007/dsa-1283
Generic Exploit URL: http://www.php-security.org/MOPB/code/MOPB-15-2007-RSA.php
http://www.php-security.org/MOPB/code/MOPB-15-2007.php
Vendor URL: http://www.php.net/

Credit

Stefan Esser - sesserhardened-php.net - www.hardened-php.net

Direct URL: http://osvdb.org/32781

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

The PHP Group

PHP

References

Credit