phpinfo() Type Confusion Information Leak Vulnerability
Bug #1335652 reported by
Kurt Cancemi
This bug report is a duplicate of:
Bug #1338170: PHP 5 infoleak vulnerability leading to potential SSL key disclosure.
Edit
Remove
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
php |
Unknown
|
Unknown
|
|||
php5 (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Reported in php as bug #67498 by Stefan Esser.
Here is an excerpt from the bug of some of the capabilities of this security bug:
Because this is only exploitable in case these variables are overwritten
as integers, which is less likely in a remote context this has to be
mostly considered a local information leak only. However if you are
running as mod_php and there is mod_ssl this could be used to steal the
private SSL key from memory (if you can inject PHP code).
I attached the upstream fix.
CVE References
information type: | Public Security → Public |
To post a comment you must log in.
The attachment "bug67948.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]