Executive Summary
Summary | |
---|---|
Title | PHP vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-424-1 | First vendor Publication | 2007-02-21 |
Vendor | Ubuntu | Last vendor Modification | 2007-02-21 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: Ubuntu 6.06 LTS: Ubuntu 6.10: After a standard system upgrade you need to restart Apache or reboot your computer to effect the necessary changes. Details follow: Multiple buffer overflows have been discovered in various PHP modules. If a PHP application processes untrusted data with functions of the session or zip module, or various string functions, a remote attacker could exploit this to execute arbitrary code with the privileges of the web server. (CVE-2007-0906) The sapi_header_op() function had a buffer underflow that could be exploited to crash the PHP interpreter. (CVE-2007-0907) The wddx unserialization handler did not correctly check for some buffer boundaries and had an uninitialized variable. By unserializing untrusted data, this could be exploited to expose memory regions that were not meant to be accessible. Depending on the PHP application this could lead to disclosure of potentially sensitive information. (CVE-2007-0908) On 64 bit systems (the amd64 and sparc platforms), various print functions and the odbc_result_all() were susceptible to a format string vulnerability. A remote attacker could exploit this to execute arbitrary code with the privileges of the web server. (CVE-2007-0909) Under certain circumstances it was possible to overwrite superglobal variables (like the HTTP GET/POST arrays) with crafted session data. (CVE-2007-0910) When unserializing untrusted data on 64-bit platforms the zend_hash_init() function could be forced to enter an infinite loop, consuming CPU resources, for a limited length of time, until the script timeout alarm aborts the script. (CVE-2007-0988) |
Original Source
Url : http://www.ubuntu.com/usn/USN-424-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
33 % | CWE-20 | Improper Input Validation |
OVAL Definitions
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-06-21 | Name : PHP version smaller than 5.2.1 File : nvt/nopsec_php_5_2_1.nasl |
2012-06-21 | Name : PHP version smaller than 4.4.5 File : nvt/nopsec_php_4_4_5.nasl |
2010-04-23 | Name : PHP 5.2.0 and Prior Versions Multiple Vulnerabilities File : nvt/gb_php_22496.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5017282.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5009300.nasl |
2009-04-09 | Name : Mandriva Update for php MDKSA-2007:048 (php) File : nvt/gb_mandriva_MDKSA_2007_048.nasl |
2009-03-23 | Name : Ubuntu Update for php5 vulnerabilities USN-424-1 File : nvt/gb_ubuntu_USN_424_1.nasl |
2009-03-23 | Name : Ubuntu Update for php5 regression USN-424-2 File : nvt/gb_ubuntu_USN_424_2.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-261 File : nvt/gb_fedora_2007_261_php_fc6.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-287 File : nvt/gb_fedora_2007_287_php_fc5.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-455 File : nvt/gb_fedora_2007_455_php_fc5.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-526 File : nvt/gb_fedora_2007_526_php_fc5.nasl |
2009-01-28 | Name : SuSE Update for php4,php5 SUSE-SA:2007:020 File : nvt/gb_suse_2007_020.nasl |
2009-01-28 | Name : SuSE Update for php4,php5 SUSE-SA:2007:032 File : nvt/gb_suse_2007_032.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200703-21 (php) File : nvt/glsa_200703_21.nasl |
2008-09-04 | Name : php -- multiple vulnerabilities File : nvt/freebsd_php5-imap.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1264-1 (php4) File : nvt/deb_1264_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2007-053-01 php File : nvt/esoft_slk_ssa_2007_053_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
34715 | PHP ibase_modify_user() Function Unspecified Overflow |
34714 | PHP ibase_add_user() Function Unspecified Overflow |
34713 | PHP ibase_delete_user() Function Unspecified Overflow |
34712 | PHP mail() Function Unspecified Overflow |
34711 | PHP str_replace() Function Unspecified Overflow |
34710 | PHP stream Filters Unspecified Overflow |
34709 | PHP sqlite Extension Unspecified Overflow |
34708 | PHP imap Extension Unspecified Overflow |
34707 | PHP zip Extension Unspecified Overflow |
34706 | PHP Session Extension Unspecified Overflow |
32767 | PHP sapi_header_op Function Underflow DoS |
32766 | PHP wddx Extension Unspecified Information Disclosure PHP contains a flaw that may allow a context-dependent attacker to gain access to privileged information. The issue is due to the WDDX deserializer in the wddx extension not properly initializing the key_length variable for numerical keys. This may allow an attacker to read arbitrary parts of the stack memory via a crafted wddxPacket alement. |
32765 | PHP odbc_result_all Function Format String |
32764 | PHP on 64-bit Multiple print Function Format String |
32763 | PHP Super-global Variable Unspecified Clobber |
32762 | PHP on 64-bit zend_hash_init Function Remote DoS PHP contains a flaw that may all a context-dependent attacker to deny service. The issue occurs on 64-bit platforms when the zend_hash_init function unserializing certain expressions causing 32-bit arguments to be used after the check for a negative value. This may cause the application to enter an infinite loop and require a restart. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0076.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_php5-3754.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-3290.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-2684.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-424-2.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-424-1.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-3289.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_php5-2687.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_php5-3745.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_php5-3753.nasl - Type : ACT_GATHER_INFO |
2007-05-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0082.nasl - Type : ACT_GATHER_INFO |
2007-04-02 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_4_4_5.nasl - Type : ACT_GATHER_INFO |
2007-04-02 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_1.nasl - Type : ACT_GATHER_INFO |
2007-03-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200703-21.nasl - Type : ACT_GATHER_INFO |
2007-03-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1264.nasl - Type : ACT_GATHER_INFO |
2007-02-27 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-287.nasl - Type : ACT_GATHER_INFO |
2007-02-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-048.nasl - Type : ACT_GATHER_INFO |
2007-02-23 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-053-01.nasl - Type : ACT_GATHER_INFO |
2007-02-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0081.nasl - Type : ACT_GATHER_INFO |
2007-02-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-261.nasl - Type : ACT_GATHER_INFO |
2007-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0076.nasl - Type : ACT_GATHER_INFO |
2007-02-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0076.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_7fcf1727be7111dbb2ec000c6ec775d9.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:04:10 |
|