CVE-2009-2626
CVE-2009-2626
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.
Affected products
n/a · n/apublic PoCs found — 3
exploitdbwww.exploit-db.com/exploits/10296unverifiedexploitdbwww.exploit-db.com/exploits/33162unverifiedexploitdbwww.exploit-db.com/exploits/33163unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540605http://secunia.com/advisories/37482http://securityreason.com/achievement_securityalert/65http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/Zend/zend_ini.c?r1=272370&r2=284156http://www.debian.org/security/2009/dsa-1940http://www.securityfocus.com/bid/36009