VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : 脆弱性脅威分析用情報の定型データ配信
[ about VRDA Feed | JPCERT/CC



 
分析対象脆弱性情報 (リビジョン番号 : 1) [ Download XML
CVE-2012-0807
suhosin: Stack-based buffer overflow in the suhosin_encrypt_...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0807

原文

Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header.

翻訳   (表示)





この情報について
分析情報提供元:
NIST NVD
初版公開日:
2012-01-27
分析対象脆弱性情報の分類:
アドバイザリ・注意喚起
最終更新日:
2012-01-27




脆弱性の影響を受ける製品の識別子
cpe:/a:hardened-php:suhosin:0.9.0
cpe:/a:hardened-php:suhosin:0.9.1
cpe:/a:hardened-php:suhosin:0.9.10
cpe:/a:hardened-php:suhosin:0.9.11
cpe:/a:hardened-php:suhosin:0.9.12
cpe:/a:hardened-php:suhosin:0.9.13
cpe:/a:hardened-php:suhosin:0.9.14
cpe:/a:hardened-php:suhosin:0.9.15
cpe:/a:hardened-php:suhosin:0.9.16
cpe:/a:hardened-php:suhosin:0.9.17
cpe:/a:hardened-php:suhosin:0.9.18
cpe:/a:hardened-php:suhosin:0.9.19
cpe:/a:hardened-php:suhosin:0.9.2
cpe:/a:hardened-php:suhosin:0.9.20
cpe:/a:hardened-php:suhosin:0.9.21
cpe:/a:hardened-php:suhosin:0.9.22
cpe:/a:hardened-php:suhosin:0.9.23
cpe:/a:hardened-php:suhosin:0.9.24
cpe:/a:hardened-php:suhosin:0.9.25
cpe:/a:hardened-php:suhosin:0.9.26
cpe:/a:hardened-php:suhosin:0.9.27
cpe:/a:hardened-php:suhosin:0.9.28
cpe:/a:hardened-php:suhosin:0.9.29
cpe:/a:hardened-php:suhosin:0.9.3
cpe:/a:hardened-php:suhosin:0.9.30
cpe:/a:hardened-php:suhosin:0.9.31
cpe:/a:hardened-php:suhosin:0.9.4
cpe:/a:hardened-php:suhosin:0.9.5
cpe:/a:hardened-php:suhosin:0.9.6
cpe:/a:hardened-php:suhosin:0.9.6.1
cpe:/a:hardened-php:suhosin:0.9.6.2
cpe:/a:hardened-php:suhosin:0.9.6.3
cpe:/a:hardened-php:suhosin:0.9.7
cpe:/a:hardened-php:suhosin:0.9.8
cpe:/a:hardened-php:suhosin:0.9.9
cpe:/a:hardened-php:suhosin:0.9.9.1
cpe:/a:hardened-php:suhosin::beta_2006.09.07
cpe:/a:hardened-php:suhosin::beta_2006.09.09
 


脆弱性の分析内容
[攻撃元区分]  [?]
未評価 [?]

ローカル [?]
隣接 [?]
X ネットワーク [?]
[攻撃条件の複雑さ]  [?]
未評価 [?]

X [?]
 [?]
 [?]
[攻撃前の認証要否]  [?]
未評価 [?]

複数 [?]
単一 [?]
X 不要 [?]
[機密性への影響]  [?]
未評価 [?]

影響なし [?]
X 部分的 [?]
全面的 [?]
[完全性への影響]  [?]
未評価 [?]

影響なし [?]
X 部分的 [?]
全面的 [?]
[可用性への影響]  [?]
未評価 [?]

影響なし [?]
X 部分的 [?]
全面的 [?]
関連情報




参考情報
CONFIRM https://github.com/stefanesser/suhosin/commit/73b1968ee30f6d9d2dae497544b910e68e114bfa




CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=783350




FULLDISC 20120119 Advisory 01/2012: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow




Vulnerability Type Buffer Errors (CWE-119)




Copyright © 2012 JPCERT/CC All Rights Reserved.