CVE-2009-2626
Published 2009-12-01
Priority: P3 · 36 · medium · 6.4 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:N/A:P
EXPLOIT
EPSS: 8.31% (94.2th percentile)
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.
Affected
86 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | <= 5.2.10 | — |
CVSS provenance
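| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:P |
| vendor_redhat | — | 6.4 | MEDIUM | — |
| vendor_ubuntu | — | 6.4 | MEDIUM | — |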
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2010-01-13·CVSS 6.4
Maksymilian Arciemowicz discovered that PHP did not properly handle the
ini_restore function. An attacker could exploit this issue to obtain
random memory contents or to cause the PHP server to crash, resulting in a
denial of service. (CVE-2009-2626)
It was discovered that the htmlspecialchars function did not properly
handle certain character sequences, which could result in browsers becoming
vulnerable to cross-site scripting attacks when processing the output. With
cross-site scripting vulnerabilities, if a user were tricked into viewing
server output during a crafted server request, a remote attacker could
exploit this to modify the contents, or steal confidential data (such as
passwords), within the same domain. (CVE-2009-4142
Red Hat
CVE-2009-2626: The zend_restore_ini_entry_cb function in zend_ini
vendor_redhat·CVSS 6.4
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.
Statement: Red Hat does not consider this flaw to be a security issue. The bug can only be triggered by the PHP script author, which does not cross a trust boundary.
GHSA
GHSA-5c54-wvq7-976j: The zend_restore_ini_entry_cb function in zend_ini
ghsa_unreviewed·2022-05-02
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.
No detection rules found.
Exploit-DB
PHP 5.2.10/5.3.0 - 'ini_restore()' Memory Information Disclosure
exploitdb·2009-12-03
---
Credit/Author:
Maksymilian Arciemowicz from SecurityReason
Vulnerable:
PHP PHP 5.3
PHP PHP 5.2.10
Debian Linux 5.0 sparc
Debian Linux 5.0 s/390
Debian Linux 5.0 powerpc
Debian Linux 5.0 mipsel
Debian Linux 5.0 mips
Debian Linux 5.0 m68k
Debian Linux 5.0 ia-64
Debian Linux 5.0 ia-32
Debian Linux 5.0 hppa
Debian Linux 5.0 armel
Debian Linux 5.0 arm
Debian Linux 5.0 amd64
Debian Linux 5.0 alpha
Debian Linux 5.0
References:
https://www.securityfocus.com/bid/36009/info
http://securityreason.com/achievement_securityalert/65
Description:
PHP is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
POC 1:
POC 2:
Exploit-DB
PHP 5.2.10/5.3 - 'ini_restore()' Memory Information Disclosure (2)
exploitdb·2009-08-10
---
source: https://www.securityfocus.com/bid/36009/info
PHP is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
Exploit-DB
PHP 5.2.10/5.3 - 'ini_restore()' Memory Information Disclosure (1)
exploitdb·2009-08-10
---
source: https://www.securityfocus.com/bid/36009/info
PHP is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
No writeups or analysis indexed.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540605
http://secunia.com/advisories/37482
http://securityreason.com/achievement_securityalert/65
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/Zend/zend_ini.c?r1=272370&r2=284156
http://www.debian.org/security/2009/dsa-1940
http://www.securityfocus.com/bid/36009