PT-2010-3487 · Php · Php

Published

2010-05-07

Updated

2010-05-10

CVE-2010-1861

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions PHP versions 5.2 through 5.2.13 PHP versions 5.3 through 5.3.2

Description The issue allows context-dependent attackers to write to arbitrary memory addresses. This is achieved by using an object's sleep function to interrupt an internal call to the shm put var function, triggering access of a freed resource.

Recommendations For PHP versions 5.2 through 5.2.13, update to a version later than 5.2.13 to resolve the issue. For PHP versions 5.3 through 5.3.2, update to a version later than 5.3.2 to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2010-1861

Affected Products

Php

PT-2010-3487 · Php · Php

CVE-2010-1861

Weakness Enumeration

Related Identifiers

Affected Products

References · 3