PHP wddx Extension Unspecified Information Disclosure

2007-02-09T07:18:50
ID OSVDB:32766
Type osvdb
Reporter OSVDB
Modified 2007-02-09T07:18:50

Description

Vulnerability Description

PHP contains a flaw that may allow a context-dependent attacker to gain access to privileged information. The issue is due to the WDDX deserializer in the wddx extension not properly initializing the key_length variable for numerical keys. This may allow an attacker to read arbitrary parts of the stack memory via a crafted wddxPacket element.

Solution Description

Upgrade to version 4.4.5, 5.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.php.net/
Vendor Specific News/Changelog Entry: http://www.php.net/releases/5_2_1.php
Vendor Specific News/Changelog Entry: http://www.php.net/ChangeLog-5.php#5.2.1
Vendor Specific Advisory URL
Secunia Advisory ID: 24089
Secunia Advisory ID: 24241
Secunia Advisory ID: 24295
Secunia Advisory ID: 24421
Secunia Advisory ID: 24284
Secunia Advisory ID: 27102
Secunia Advisory ID: 24195
Secunia Advisory ID: 24282
Secunia Advisory ID: 24514
Secunia Advisory ID: 24217
Secunia Advisory ID: 24326
Secunia Advisory ID: 24432
Secunia Advisory ID: 24419
Secunia Advisory ID: 24606
Secunia Advisory ID: 24248
Secunia Advisory ID: 24322
Secunia Advisory ID: 24236
Secunia Advisory ID: 24642
Related OSVDB ID: 32763
Related OSVDB ID: 34706
Related OSVDB ID: 32762
Related OSVDB ID: 32768
Related OSVDB ID: 32764
Related OSVDB ID: 32767
RedHat RHSA: RHSA-2007:0076
RedHat RHSA: RHSA-2007:0081
RedHat RHSA: RHSA-2007:0089
Other Advisory URL: http://fedoranews.org/cms/node/2681
Other Advisory URL: https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-February/000487.html
Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html
Other Advisory URL: http://www.us.debian.org/security/2007/dsa-1264
Other Advisory URL: http://www.php-security.org/MOPB/MOPB-11-2007.html
Other Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm
Other Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.535756
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200703-21.xml
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
Other Advisory URL: http://fedoranews.org/cms/node/2720
Other Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-February/000154.html
Other Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:048
Other Advisory URL: http://www.trustix.org/errata/2007/0009/
Generic Exploit URL: http://www.php-security.org/MOPB/code/MOPB-11-2007.php
CVE-2007-0908