Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-2531

The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion.

Related bugs and status

CVE-2010-2531 (Candidate) is related to these bugs:

Bug #564920: PHP5 under Apache2 on 64 bit system is not completely 64 bit

Summary				In	Importance	Status
	564920	PHP5 under Apache2 on 64 bit system is not completely 64 bit		php5 (Ubuntu)	Low	Fix Released
	564920	PHP5 under Apache2 on 64 bit system is not completely 64 bit		php5 (Ubuntu Lucid)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/adv...
MISC: http://www.vupen.com/e...
MISC: http://lists.apple.com...
MISC: http://lists.apple.com...
MISC: http://www.debian.org/...
MISC: https://bugzilla.redha...
MISC: http://www.redhat.com/...
MISC: http://marc.info/?l=bu...
MISC: http://marc.info/?l=bu...
MISC: http://lists.opensuse....
MISC: http://lists.opensuse....
MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: http://support.apple.c...
MISC: http://support.apple.c...
MISC: http://svn.php.net/vie...
MISC: http://www.php.net/arc...
MISC: http://www.php.net/arc...