PHP 'filter_globals' Struct Arbitrary Code Execution Vulnerability

Bugtraq ID:	52065
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 17 2012 12:00AM
Updated:	Feb 17 2012 12:00AM
Credit:	Worawit Wang
Vulnerable:	PHP PHP 5.2.17 PHP PHP 5.2.15 PHP PHP 5.2.13 PHP PHP 5.2.12 PHP PHP 5.2.11 PHP PHP 5.2.10 PHP PHP 5.2.9 -2 PHP PHP 5.2.9 PHP PHP 5.2.8 PHP PHP 5.2.7 PHP PHP 5.2.6 PHP PHP 5.2.5 PHP PHP 5.2.4 PHP PHP 5.2.3 PHP PHP 5.2.2 PHP PHP 5.2.1 + Ubuntu Ubuntu Linux 7.04 sparc + Ubuntu Ubuntu Linux 7.04 powerpc + Ubuntu Ubuntu Linux 7.04 i386 + Ubuntu Ubuntu Linux 7.04 amd64 PHP PHP 5.2.14 PHP PHP 5.2 + Debian Linux 4.0 sparc + Debian Linux 4.0 s/390 + Debian Linux 4.0 powerpc + Debian Linux 4.0 mipsel + Debian Linux 4.0 mips + Debian Linux 4.0 m68k + Debian Linux 4.0 ia-64 + Debian Linux 4.0 ia-32 + Debian Linux 4.0 hppa + Debian Linux 4.0 arm + Debian Linux 4.0 amd64 + Debian Linux 4.0 alpha + Debian Linux 4.0
Not Vulnerable:	PHP PHP 5.3

PHP 'filter_globals' Struct Arbitrary Code Execution Vulnerability

PHP is prone to an arbitrary-code-execution vulnerability.

An attacker could exploit this issue to execute arbitrary code in the context of the application. Successful exploits will compromise the application and possibly the underlying computer.

PHP 'filter_globals' Struct Arbitrary Code Execution Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

• /data/vulnerabilities/exploits/51830.php

PHP 'filter_globals' Struct Arbitrary Code Execution Vulnerability

Solution:
Updates are available. Please see the references for more information.

PHP 'filter_globals' Struct Arbitrary Code Execution Vulnerability

References:

• PHP Homepage (PHP)