CVE-2007-1380 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2007-1380
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-1380

Description: The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-455-1 SUSE http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html http://www.novell.com/linux/security/advisories/2007_32_php.html SAID Secunia Advisory: SA24514 Secunia Advisory: SA24606 Secunia Advisory: SA25025 Secunia Advisory: SA25062 Secunia Advisory: SA25057 Secunia Advisory: SA25056 Secunia Advisory: SA25423 Secunia Advisory: SA25850 MISC http://www.php-security.org/MOPB/MOPB-10-2007.html MILW0RM http://www.milw0rm.com/exploits/3413 HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506 GENTOO http://security.gentoo.org/glsa/glsa-200703-21.xml DEBIAN http://www.debian.org/security/2007/dsa-1283 http://www.debian.org/security/2007/dsa-1282 BID 22805

Return to the previous page.