CVE-2007-1711 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-1711
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-1711

Description: Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701 (MOPB-31-2007).

CVE Status: Candidate

References: SAID Secunia Advisory: SA24910 Secunia Advisory: SA24924 Secunia Advisory: SA24945 Secunia Advisory: SA24941 Secunia Advisory: SA25025 Secunia Advisory: SA25062 Secunia Advisory: SA25445 Secunia Advisory: SA26235 REDHAT http://rhn.redhat.com/errata/RHSA-2007-0163.html http://rhn.redhat.com/errata/RHSA-2007-0155.html http://rhn.redhat.com/errata/RHSA-2007-0154.html MISC http://www.php-security.org/MOPB/MOPB-32-2007.html MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:087 http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:088 GENTOO http://security.gentoo.org/glsa/glsa-200705-19.xml DEBIAN http://www.debian.org/security/2007/dsa-1283 http://www.debian.org/security/2007/dsa-1282 CONFIRM http://docs.info.apple.com/article.html?artnum=306172 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/466166/100/0/threaded BID 23121 25159 APPLE http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

Return to the previous page.