---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_vacancies/ Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/ ---------------------------------------------------------------------- TITLE: PHP Session Handling Double Free Vulnerabilities SECUNIA ADVISORY ID: SA24505 VERIFY ADVISORY: http://secunia.com/advisories/24505/ CRITICAL: Less critical IMPACT: System access WHERE: Local system SOFTWARE: PHP 5.2.x http://secunia.com/product/13446/ PHP 5.1.x http://secunia.com/product/6796/ PHP 5.0.x http://secunia.com/product/3919/ DESCRIPTION: Stefan Esser has reported some vulnerabilities in PHP, which can be exploited by malicious users people to compromise a vulnerable system. 1) A double free error within the "session_regenerate_id()" function can be exploited to execute arbitrary code with the privileges of the PHP interpreter. 2) A double free error within the handling of rejected sessions in PHP's internal storage module can be exploited to execute arbitrary code with the privileges of the PHP interpreter. Successful exploitation requires that a user can e.g. upload and execute malicious PHP scripts. Remote exploitation may be possible, but has not currently been proven. The vulnerabilities are reported in version 5.2.0 and 5.2.1. Other versions may also be affected. SOLUTION: Allow only trusted users to upload and execute PHP scripts. PROVIDED AND/OR DISCOVERED BY: Stefan Esser ORIGINAL ADVISORY: http://www.php-security.org/MOPB/MOPB-22-2007.html http://www.php-security.org/MOPB/MOPB-23-2007.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------