Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Interesting analysis of the PHP SplObjectStorage Vulnerability SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Interesting analysis of the PHP SplObjectStorage Vulnerability

There is a vulnerability posted in June under CVE-2010-2225 regarding a bug in the PHP SplObjectStorage. I found an excellent analysis made for this vulnerability, including a POC. More information at http://nibbles.tuxfamily.org/?p=1837#more-1837.

If you use PHP and a vulnerable version, find the patch at http://svn.php.net/viewvc?view=revision&revision=300843.

-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org

Manuel Humberto Santander Pelaacuteez

194 Posts
ISC Handler
Jul 4th 2010

Sign Up for Free or Log In to start participating in the conversation!