CVE-2012-0807

MEDIUM

Description

Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header.

References

http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0296.html

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html

http://secunia.com/advisories/48668

http://www.openwall.com/lists/oss-security/2012/01/24/11

http://www.openwall.com/lists/oss-security/2012/01/24/7

https://bugzilla.redhat.com/show_bug.cgi?id=783350

https://github.com/stefanesser/suhosin/commit/73b1968ee30f6d9d2dae497544b910e68e114bfa

Details

Source: MITRE

Published: 2012-01-27

Updated: 2018-01-18

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 5.1

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 4.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:hardened-php:suhosin:*:beta_2006.09.07:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:*:beta_2006.09.09:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.0:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.4:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.5:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.6:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.6.1:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.6.2:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.6.3:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.7:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.8:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.9:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.9.1:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.10:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.11:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.12:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.13:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.14:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.15:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.16:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.17:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.18:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.19:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.20:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.21:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.22:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.23:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.24:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.25:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.26:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.27:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.28:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.29:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:0.9.30:*:*:*:*:*:*:*

cpe:2.3:a:hardened-php:suhosin:*:*:*:*:*:*:*:* versions up to 0.9.31 (inclusive)

Tenable Plugins

View all (6 total)

ID	Name	Product	Family	Severity
79963	GLSA-201412-10 : Multiple packages, Multiple vulnerabilities fixed in 2012	Nessus	Gentoo Local Security Checks	high
74580	openSUSE Security Update : php5 (openSUSE-SU-2012:0426-1)	Nessus	SuSE Local Security Checks	high
58890	Mandriva Linux Security Advisory : php (MDVSA-2012:065)	Nessus	Mandriva Local Security Checks	high
58740	SuSE 11.1 Security Update : PHP5 (SAT Patch Number 5964)	Nessus	SuSE Local Security Checks	high
58615	SuSE 11.2 Security Update : PHP5 (SAT Patch Number 5958)	Nessus	SuSE Local Security Checks	medium
58480	SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8009)	Nessus	SuSE Local Security Checks	high