Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Interesting analysis of the PHP SplObjectStorage Vulnerability InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Interesting analysis of the PHP SplObjectStorage Vulnerability

Published: 2010-07-04
Last Updated: 2010-07-04 20:23:57 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
0 comment(s)

There is a vulnerability posted in June under CVE-2010-2225 regarding a bug in the PHP SplObjectStorage. I found an excellent analysis made for this vulnerability, including a POC. More information at http://nibbles.tuxfamily.org/?p=1837#more-1837.

If you use PHP and a vulnerable version, find the patch at http://svn.php.net/viewvc?view=revision&revision=300843.

-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org

0 comment(s)
Diary Archives