FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php -- corruption of $GLOBALS and $this variables via extract() method

Affected packages
php5 < 5.3.4
php52 < 5.2.15

Details

VuXML ID f3148a05-0fa7-11e0-becc-0022156e8794
Discovery 2010-12-10
Entry 2011-01-13

Off-by-one error in the sanity validator for the extract() method allowed attackers to replace the values of $GLOBALS and $this when mode EXTR_OVERWRITE was used.

References

URL http://www.mail-archive.com/[email protected]/msg47722.html
URL http://www.php.net/releases/5_2_15.php
