SecurityTracker.com
Category: Application (Generic) > PHP
Vendors: PHP Group
PHP phar Unserialize Boundary Error Lets Remote Users Obtain Potentially Sensitive Information
SecurityTracker Alert ID: 1032146
SecurityTracker URL: http://securitytracker.com/id/1032146
CVE Reference: CVE-2015-2783
Date: Apr 17 2015
Impact: Disclosure of system information
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 5.6.8RC1
Description: A vulnerability was reported in PHP. A remote user can obtain potentially sensitive information on the target system.

A remote user can create a specially crafted phar file that, when loaded by the target application, triggers a buffer read error in the unserialize() function, allowing the remote user to obtain potentially sensitive information from memory.

Impact:   A remote user can obtain potentially sensitive information on the target system.
Solution:   The vendor has issued a fix (5.6.8RC1).
Vendor URL: www.php.net/
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Apr 20 2015 (Ubuntu Issues Fix) PHP phar Unserialize Boundary Error Lets Remote Users Obtain Potentially Sensitive Information
Ubuntu has issued a fix for Ubuntu 10.04 LTS, 12.04 LTS, 14.04 LTS, and 14.10.
Jul 10 2015 (Red Hat Issues Fix) PHP phar Unserialize Boundary Error Lets Remote Users Obtain Potentially Sensitive Information
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Oct 1 2015 (Apple Issues Fix for Apple OS X) PHP phar Unserialize Boundary Error Lets Remote Users Obtain Potentially Sensitive Information
Apple has issued a fix for Apple OS X.


