c337d4d682
SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow Release Date: 2012/01/19 Last Modified: 2012/01/19 Author: Stefan Esser [stefan.esser[at]sektioneins.de] Application: Suhosin Extension <= 0.9.32.1 Severity: A possible stack buffer overflow in Suhosin extension's transparent cookie encryption that can only be triggered in an uncommon and weakened Suhosin configuration can lead to arbitrary remote code execution, if the FORTIFY_SOURCE compile option was not used when Suhosin was compiled. Risk: Medium Vendor Status: Suhosin Extension 0.9.33 was released which fixes this vulnerability Reference: http://www.suhosin.org/ https://github.com/stefanesser/suhosin |
||
---|---|---|
.. | ||
DESCR | ||
distinfo | ||
Makefile |