Back to search
CVE-2007-1376
Published: Mar 10, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
25056
third-party-advisory
x_refsource_SECUNIA
32781
vdb-entry
x_refsource_OSVDB
DSA-1283
vendor-advisory
x_refsource_DEBIAN
24606
third-party-advisory
x_refsource_SECUNIA
GLSA-200703-21
vendor-advisory
x_refsource_GENTOO
25062
third-party-advisory
x_refsource_SECUNIA
3427
exploit
x_refsource_EXPLOIT-DB
USN-455-1
vendor-advisory
x_refsource_UBUNTU
22862
vdb-entry
x_refsource_BID
3426
exploit
x_refsource_EXPLOIT-DB
25057
third-party-advisory
x_refsource_SECUNIA
http://www.php-security.org/MOPB/MOPB-15-2007.html
x_refsource_MISC
SUSE-SA:2007:032
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now