[Bug 1335652] [NEW] phpinfo() Type Confusion Information Leak Vulnerability
Kurt Cancemi
kurt at x64architecture.com
Sun Jun 29 17:57:42 UTC 2014
*** This bug is a security vulnerability ***
Public security bug reported:
Reported in php as bug #67498 by Stefan Esser.
Here is an excerpt from the bug of some of the capabilities of this
security bug:
Because this is only exploitable in case these variables are overwritten
as integers, which is less likely in a remote context this has to be
mostly considered a local information leak only. However if you are
running as mod_php and there is mod_ssl this could be used to steal the
private SSL key from memory (if you can inject PHP code).
I attached the upstream fix.
** Affects: php5 (Ubuntu)
Importance: Undecided
Status: New
** Patch added: "bug67948.patch"
https://bugs.launchpad.net/bugs/1335652/+attachment/4142140/+files/bug67948.patch
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/1335652
Title:
phpinfo() Type Confusion Information Leak Vulnerability
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1335652/+subscriptions
More information about the Ubuntu-server-bugs
mailing list