Test ID:	1.3.6.1.4.1.25623.1.0.100603
Category:	Web application abuses
Title:	PHP PHP_Binary Heap Information Leak Vulnerability
Summary:	PHP 'php_binary' serialization handler is prone to a heap-; information leak.
Description:	Summary: PHP 'php_binary' serialization handler is prone to a heap- information leak. Vulnerability Insight: The vulnerability exists because of a missing boundary check in the extraction of variable names. Vulnerability Impact: A local attacker can exploit this issue to obtain sensitive information (such as heap offsets and canaries) that may aid in other attacks. Affected Software/OS: PHP4 versions prior to 4.4.5 and PHP5 versions prior to 5.2.1. Solution: This issue was previously disclosed to the PHP development team. It has been fixed in the latest releases. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1380 BugTraq ID: 22805 http://www.securityfocus.com/bid/22805 Debian Security Information: DSA-1282 (Google Search) http://www.debian.org/security/2007/dsa-1282 Debian Security Information: DSA-1283 (Google Search) http://www.debian.org/security/2007/dsa-1283 https://www.exploit-db.com/exploits/3413 http://security.gentoo.org/glsa/glsa-200703-21.xml HPdes Security Advisory: HPSBMA02215 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506 HPdes Security Advisory: HPSBTU02232 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137 HPdes Security Advisory: SSRT071423 HPdes Security Advisory: SSRT071429 http://www.php-security.org/MOPB/MOPB-10-2007.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10792 http://secunia.com/advisories/24514 http://secunia.com/advisories/24606 http://secunia.com/advisories/25025 http://secunia.com/advisories/25056 http://secunia.com/advisories/25057 http://secunia.com/advisories/25062 http://secunia.com/advisories/25423 http://secunia.com/advisories/25850 SuSE Security Announcement: SUSE-SA:2007:020 (Google Search) http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html SuSE Security Announcement: SUSE-SA:2007:032 (Google Search) http://www.novell.com/linux/security/advisories/2007_32_php.html http://www.ubuntu.com/usn/usn-455-1 http://www.vupen.com/english/advisories/2007/1991 http://www.vupen.com/english/advisories/2007/2374
Copyright	Copyright (C) 2010 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.