CVE-2010-2225

HIGH

Description

Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.

References

http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html

http://marc.info/?l=bugtraq&m=133469208622507&w=2

http://pastebin.com/mXGidCsd

http://secunia.com/advisories/40860

http://support.apple.com/kb/HT4312

http://twitter.com/i0n1c/statuses/16373156076

http://twitter.com/i0n1c/statuses/16447867829

http://www.debian.org/security/2010/dsa-2089

http://www.securityfocus.com/bid/40948

https://bugzilla.redhat.com/show_bug.cgi?id=605641

https://exchange.xforce.ibmcloud.com/vulnerabilities/59610

Details

Source: MITRE

Published: 2010-06-24

Updated: 2017-08-17

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*

Tenable Plugins

View all (18 total)

ID	Name	Product	Family	Severity
75429	openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:0599-1)	Nessus	SuSE Local Security Checks	high
56459	GLSA-201110-06 : PHP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
50890	SuSE 11 / 11.1 Security Update : Apache 2 (SAT Patch Numbers 2880 / 2881)	Nessus	SuSE Local Security Checks	high
49830	SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7110)	Nessus	SuSE Local Security Checks	high
49752	openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:0678-1)	Nessus	SuSE Local Security Checks	high
49306	Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : php5 vulnerabilities (USN-989-1)	Nessus	Ubuntu Local Security Checks	high
49210	openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:0599-1)	Nessus	SuSE Local Security Checks	high
48921	Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : php (SSA:2010-240-04)	Nessus	Slackware Local Security Checks	high
48424	Mac OS X Multiple Vulnerabilities (Security Update 2010-005)	Nessus	MacOS X Local Security Checks	high
48412	Fedora 13 : maniadrive-1.2-22.fc13 / php-5.3.3-1.fc13 / php-eaccelerator-0.9.6.1-2.fc13 (2010-11481)	Nessus	Fedora Local Security Checks	high
48411	Fedora 12 : maniadrive-1.2-22.fc12 / php-5.3.3-1.fc12 / php-eaccelerator-0.9.6.1-2.fc12 (2010-11428)	Nessus	Fedora Local Security Checks	high
48384	Debian DSA-2089-1 : php5 - several vulnerabilities	Nessus	Debian Local Security Checks	high
48245	PHP 5.3 < 5.3.3 Multiple Vulnerabilities	Nessus	CGI abuses	high
48244	PHP 5.2 < 5.2.14 Multiple Vulnerabilities	Nessus	CGI abuses	high
48198	Mandriva Linux Security Advisory : php (MDVSA-2010:140)	Nessus	Mandriva Local Security Checks	high
48197	Mandriva Linux Security Advisory : php (MDVSA-2010:139)	Nessus	Mandriva Local Security Checks	high
801070	PHP < 5.3.3 / 5.2.14 Multiple Vulnerabilities	Log Correlation Engine	Web Servers	high
5616	PHP < 5.2.14 / 5.3.x < 5.3.3 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high