FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php -- arbitrary remote code execution vulnerability

Affected packages
5.3.9 <= php5 < 5.3.10

Details

VuXML ID: 3fd040be-4f0b-11e1-9e32-0025900931f8
Discovery: 2012-02-02
Entry: 2012-02-04
Modified: 2012-02-06

Secunia reports:

A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a logic error within the "php_register_variable_ex()" function (php_variables.c) when hashing form posts and updating a hash table, which can be exploited to execute arbitrary code.

References

CVE Name: CVE-2012-0830
URL: http://secunia.com/advisories/47806/
URL: http://www.php.net/archive/2012.php#id2012-02-02-1