Lucene search

PRIOn knowledge basePRION:CVE-2009-2626

HistoryDec 01, 2009 - 4:30 p.m.

Information disclosure

2009-12-0116:30:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.108 Low

EPSS

Percentile

94.9%

JSON

The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.

CPENameOperatorVersion
phpeq4.3.9
phpeq4.4.9
phpeq3.0
phpeq5.2.9
phpeq4.0 beta1
phpeq3.0.5
phpeq3.0.11
phpeq5.1.5
phpeq5.1.2
phpeq4.0 beta4

Name	Operator	Version
php	eq	4.3.9
php	eq	4.4.9
php	eq	3.0
php	eq	5.2.9
php	eq	4.0 beta1
php	eq	3.0.5
php	eq	3.0.11
php	eq	5.1.5
php	eq	5.1.2
php	eq	4.0 beta4

Rows per page:

1-10 of 1101

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=540605

secunia.com/advisories/37482

securityreason.com/achievement_securityalert/65

svn.php.net/viewvc/php/php-src/branches/PHP_5_3/Zend/zend_ini.c?r1=272370&r2=284156

www.debian.org/security/2009/dsa-1940

www.securityfocus.com/bid/36009

6.1 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.108 Low

EPSS

Percentile

94.9%

JSON

Related for PRION:CVE-2009-2626