User: Password:
Subscribe / Log in / New account

php: multiple vulnerabilities

Package(s):php CVE #(s):CVE-2007-0906 CVE-2007-0907 CVE-2007-0908 CVE-2007-0909 CVE-2007-0910 CVE-2007-0988
Created:February 20, 2007 Updated:March 21, 2007
Description: A number of buffer overflow flaws were found in the PHP session extension, the str_replace() function, and the imap_mail_compose() function. If very long strings under the control of an attacker are passed to the str_replace() function then an integer overflow could occur in memory allocation. If a script uses the imap_mail_compose() function to create a new MIME message based on an input body from an untrusted source, it could result in a heap overflow. An attacker who is able to access a PHP application affected by any these issues could trigger these flaws and possibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)

If unserializing untrusted data on 64-bit platforms, the zend_hash_init() function can be forced to enter an infinite loop, consuming CPU resources for a limited length of time, until the script timeout alarm aborts execution of the script. (CVE-2007-0988)

If the wddx extension is used to import WDDX data from an untrusted source, certain WDDX input packets may allow a random portion of heap memory to be exposed. (CVE-2007-0908)

If the odbc_result_all() function is used to display data from a database, and the contents of the database table are under the control of an attacker, a format string vulnerability is possible which could lead to the execution of arbitrary code. (CVE-2007-0909)

A one byte memory read will always occur before the beginning of a buffer, which could be triggered for example by any use of the header() function in a script. However it is unlikely that this would have any effect. (CVE-2007-0907)

Several flaws in PHP could allows attackers to "clobber" certain super-global variables via unspecified vectors. (CVE-2007-0910)

Gentoo 200703-21 PHP 2007-03-20
SuSE SUSE-SA:2007:020 php4,php5 2007-03-15
Red Hat RHSA-2007:0082-02 PHP 2007-03-14
Ubuntu USN-424-2 USN-424-1 fixed 2007-03-08
Debian DSA-1264-1 php4 2007-03-07
rPath rPSA-2007-0043-1 php 2007-02-27
Fedora FEDORA-2007-287 php 2007-02-26
OpenPKG OpenPKG-SA-2007.010 php 2007-02-23
Slackware SSA:2007-053-01 php 2007-02-23
Mandriva MDKSA-2007:048 php 2006-02-22
Red Hat RHSA-2007:0088-01 PHP 2007-02-22
Ubuntu USN-424-1 php5 2007-02-21
Red Hat RHSA-2007:0081-01 PHP 2007-02-21
Fedora FEDORA-2007-261 php 2007-02-20
Red Hat RHSA-2007:0076-01 PHP 2007-02-19

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds