PHP PHP_Binary Heap Information Leak Vulnerability

The PHP 'php_binary' serialization handler is prone to a heap-information leak.

The vulnerability arises because of a missing boundary check in the extraction of variable names. A local attacker can exploit this issue to obtain sensitive information (such as heap offsets and canaries) that may aid in other attacks.
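The kind of boundary check described above, shown in a simplified length-prefixed name parser. This is an added example, not PHP's source code: the record layout (one length byte with the length in its low 7 bits, followed by the name), the `read_name` function, and the sample records are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN_MASK 0x7F /* assumed: name length is the low 7 bits */

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_NO_SPACE = -2 };

/* Copy the name of the record at buf[*pos] into out and advance *pos past it.
 * Assumed layout: one length byte, then that many name bytes. */
static int read_name(const unsigned char *buf, size_t buflen, size_t *pos,
                     char *out, size_t outcap)
{
    if (*pos >= buflen)
        return PARSE_TRUNCATED;             /* no length byte to read */
    size_t namelen = buf[*pos] & NAME_LEN_MASK;
    size_t remaining = buflen - *pos - 1;   /* bytes after the length byte */

    /* The boundary check: the claimed length must fit inside the input.
     * Without it, the copy below reads adjacent heap memory into the name. */
    if (namelen > remaining)
        return PARSE_TRUNCATED;
    if (namelen + 1 > outcap)
        return PARSE_NO_SPACE;

    memcpy(out, buf + *pos + 1, namelen);
    out[namelen] = '\0';
    *pos += 1 + namelen;
    return PARSE_OK;
}

/* Constructed inputs: a well-formed record, and one claiming 100 bytes with 3. */
static const unsigned char REC_OK[] = { 4, 'u', 's', 'e', 'r', 'i', ':', '1', ';' };
static const unsigned char REC_BAD[] = { 100, 'a', 'b', 'c' };

int main(void)
{
    char name[128];
    size_t pos = 0;
    int rc = read_name(REC_OK, sizeof REC_OK, &pos, name, sizeof name);
    printf("ok:  rc=%d name=%s next=%zu\n", rc, name, pos);
    pos = 0;
    rc = read_name(REC_BAD, sizeof REC_BAD, &pos, name, sizeof name);
    printf("bad: rc=%d\n", rc);
    return 0;
}
```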

These versions are affected:

PHP4 versions prior to 4.4.5
PHP5 versions prior to 5.2.1

Updates are available.


 

Copyright 2010, SecurityFocus