> PHP Session Handling Double Free Vulnerabilities
> SECUNIA ADVISORY ID:
> VERIFY ADVISORY:
> Less critical
> System access
> Local system
> PHP 5.2.x
> PHP 5.1.x
> PHP 5.0.x
> Stefan Esser has reported some vulnerabilities in PHP, which can be
> exploited by malicious users people to compromise a vulnerable
> 1) A double free error within the "session_regenerate_id()" function
> can be exploited to execute arbitrary code with the privileges of the
> PHP interpreter.
> 2) A double free error within the handling of rejected sessions in
> PHP's internal storage module can be exploited to execute arbitrary
> code with the privileges of the PHP interpreter.
> Successful exploitation requires that a user can e.g. upload and
> execute malicious PHP scripts. Remote exploitation may be possible,
> but has not currently been proven.
> The vulnerabilities are reported in version 5.2.0 and 5.2.1. Other
> versions may also be affected.
> Allow only trusted users to upload and execute PHP scripts.
> PROVIDED AND/OR DISCOVERED BY:
> Stefan Esser
> ORIGINAL ADVISORY: