|
|
CVE Reference: CVE-2007-1376 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-1376 |
|
|
Description: The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource. |
|
|
CVE Status: Candidate |
|
|
References: UBUNTU http://www.ubuntu.com/usn/usn-455-1 SUSE http://www.novell.com/linux/security/advisories/2007_32_php.html SAID Secunia Advisory: SA24606 Secunia Advisory: SA25062 Secunia Advisory: SA25057 Secunia Advisory: SA25056 OSVDB 32781 MISC http://www.php-security.org/MOPB/MOPB-15-2007.html MILW0RM http://www.milw0rm.com/exploits/3427 http://www.milw0rm.com/exploits/3426 GENTOO http://security.gentoo.org/glsa/glsa-200703-21.xml DEBIAN http://www.debian.org/security/2007/dsa-1283 BID 22862 |
|
| Return to the previous page. |
