FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php -- php_variables memory disclosure

Affected packages
		mod_php4-twig	<=	4.3.8_2
		php4	<=	4.3.8_2
		php4-cgi	<=	4.3.8_2
		php4-cli	<=	4.3.8_2
		php4-dtc	<=	4.3.8_2
		php4-horde	<=	4.3.8_2
		php4-nms	<=	4.3.8_2
4	<=	mod_php	<=	4.3.8_2,1
4	<=	mod_php4	<=	4.3.8_2,1
		php5	<=	5.0.1
		php5-cgi	<=	5.0.1
		php5-cli	<=	5.0.1
		mod_php5	<=	5.0.1,1

Details

VuXML ID	ad74a1bd-16d2-11d9-bc4a-000c41e2cdad
Discovery	2004-09-15
Entry	2004-10-05

Stefano Di Paola reports:

Bad array parsing in php_variables.c could lead to show arbitrary memory content such as pieces of php code and other data. This affects all GET, POST or COOKIES variables.

[source]

References

Message

1095267581.2818.13.camel@localhost