PHP _SESSION Deserialization Global Variable Overwrite

2007-03-24T06:25:28
ID OSVDB:33945
Type osvdb
Reporter OSVDB
Modified 2007-03-24T06:25:28

Description

Vulnerability Description

PHP contains a flaw that may allow a context-dependent attacker to gain elevated privileges. The issue is due to the ability of the deserialization of session data to overwrite arbitrary global variables. This can allow an attacker to execute arbitrary code.

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Short Description

PHP contains a flaw that may allow a context-dependent attacker to gain elevated privileges. The issue is due to the ability of the deserialization of session data to overwrite arbitrary global variables. This can allow an attacker to execute arbitrary code.

References:

Vendor URL: http://www.php.net/ Vendor Specific Advisory URL Secunia Advisory ID:25850 Secunia Advisory ID:25423 Secunia Advisory ID:25445 Other Advisory URL: http://www.php-security.org/MOPB/MOPB-31-2007.html Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200705-19.xml Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0363.html Keyword: HPSBTU02232,SSRT071429 Keyword: HPSBMA02215,SSRT071423 Keyword: HPSBTU02232,SSRT071429,c01086137 Generic Exploit URL: http://www.php-security.org/MOPB/code/MOPB-31-2007.php FrSIRT Advisory: ADV-2007-1991 FrSIRT Advisory: ADV-2007-2374 CVE-2007-1701 Bugtraq ID: 23120