Vigil@nce: PHP, memory reading via ini_restore
August 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
A PHP script can use the ini_restore() function, in order to
obtain fragments of the memory of the process.
Severity: 1/4
Consequences: data reading
Provenance: user account
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 10/08/2009
IMPACTED PRODUCTS
– PHP
DESCRIPTION OF THE VULNERABILITY
The ini_restore() function restores the value of a configuration
option.
However, this function does not check if the variable was
modified, and returns a memory area coming from the current
process.
A PHP script can thus use the ini_restore() function, in order to
obtain fragments of the memory of the process.
CHARACTERISTICS
Identifiers: VIGILANCE-VUL-8929
http://vigilance.fr/vulnerability/PHP-memory-reading-via-ini-restore-8929