Candidate: CVE-2011-0752
PublicDate: 2011-02-02 22:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0752
 http://www.openwall.com/lists/oss-security/2010/12/13/4
Description:
 The extract function in PHP before 5.2.15 does not prevent use of the
 EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and
 (2) the this variable, which allows context-dependent attackers to bypass
 intended access restrictions by modifying data structures that were not
 intended to depend on external input, a related issue to CVE-2005-2691 and
 CVE-2006-3758.
Ubuntu-Description:
Notes:
 mdeslaur> discussion on oss-security seems to indicate this isn't a
 mdeslaur> security issue. Ignoring.
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_php5:
 upstream: http://svn.php.net/viewvc?view=revision&revision=305570
upstream_php5: released (5.3.4)
dapper_php5: ignored
hardy_php5: ignored
karmic_php5: ignored
lucid_php5: ignored
maverick_php5: ignored
devel_php5: not-affected (5.3.5-1ubuntu1)