7.8 - USN-455-1

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	PHP vulnerabilities

Informations
Name	USN-455-1	First vendor Publication	2007-04-27
Vendor	Ubuntu	Last vendor Modification	2007-04-27
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Cvss Base Score	7.8	Attack Range	Network
Cvss Impact Score	6.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
libapache2-mod-php5 5.1.2-1ubuntu3.7
php5-cgi 5.1.2-1ubuntu3.7
php5-cli 5.1.2-1ubuntu3.7
php5-sqlite 5.1.2-1ubuntu3.7

Ubuntu 6.10:
libapache2-mod-php5 5.1.6-1ubuntu2.4
php5-cgi 5.1.6-1ubuntu2.4
php5-cli 5.1.6-1ubuntu2.4
php5-sqlite 5.1.6-1ubuntu2.4

Ubuntu 7.04:
libapache2-mod-php5 5.2.1-0ubuntu1.1
php5-cgi 5.2.1-0ubuntu1.1
php5-cli 5.2.1-0ubuntu1.1
php5-sqlite 5.2.1-0ubuntu1.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Stefan Esser discovered multiple vulnerabilities in the "Month of PHP bugs".

The substr_compare() function did not sufficiently verify its length argument. This might be exploited to read otherwise unaccessible memory, which might lead to information disclosure. (CVE-2007-1375)

The shared memory (shmop) functions did not verify resource types, thus they could be called with a wrong resource type that might contain user supplied data. This could be exploited to read and write arbitrary memory addresses of the PHP interpreter. This issue does not affect Ubuntu 7.04. (CVE-2007-1376)

The php_binary handler of the session extension was missing a boundary check. When unserializing overly long variable names this could be exploited to read up to 126 bytes of memory, which might lead to information disclosure. (CVE-2007-1380)

The internal array_user_key_compare() function, as used for example by the PHP function uksort(), incorrectly handled memory unreferencing of its arguments. This could have been exploited to execute arbitrary code with the privileges of the PHP interpreter, and thus circumventing any disable_functions, open_basedir, or safe_mode restrictions. (CVE-2007-1484)

The session_regenerate_id() function did not properly clean up the former session identifier variable. This could be exploited to crash the PHP interpreter, possibly also remotely. (CVE-2007-1521)

Under certain conditions the mb_parse_str() could cause the register_globals configuration option to become permanently enabled. This opened an attack vector for a large and common class of vulnerabilities. (CVE-2007-1583)

The session extension did not set the correct reference count value for the session variables. By unsetting _SESSION and HTTP_SESSION_VARS (or tricking a PHP script into doing that) this could be exploited to execute arbitrary code with the privileges of the PHP interpreter. This issue does not affect Ubuntu 7.04. (CVE-2007-1700)

The mail() function did not correctly escape control characters in multiline email headers. This could be remotely exploited to inject arbitrary email headers. (CVE-2007-1718)

The php_stream_filter_create() function had an off-by-one buffer overflow in the handling of wildcards. This could be exploited to remotely crash the PHP interpreter. This issue does not affect Ubuntu 7.04. (CVE-2007-1824)

When calling the sqlite_udf_decode_binary() with special arguments, a buffer overflow happened. Depending on the application this could be locally or remotely exploited to execute arbitrary code with the privileges of the PHP interpreter. (CVE-2007-1887 CVE-2007-1888)

The FILTER_VALIDATE_EMAIL filter extension used a wrong regular expression that allowed injecting a newline character at the end of the email string. This could be exploited to inject arbitrary email headers. This issue only affects Ubuntu 7.04. (CVE-2007-1900)

Original Source

Url : http://www.ubuntu.com/usn/USN-455-1

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10245

Oval ID:	oval:org.mitre.oval:def:10245
Title:	The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation.
Description:	The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-1583	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section php is earlier than 0:4.3.2-40.ent AND php-pgsql is earlier than 0:4.3.2-40.ent AND php-mysql is earlier than 0:4.3.2-40.ent AND php-ldap is earlier than 0:4.3.2-40.ent AND php-imap is earlier than 0:4.3.2-40.ent AND php-odbc is earlier than 0:4.3.2-40.ent AND php-devel is earlier than 0:4.3.2-40.ent OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section php-xmlrpc is earlier than 0:4.3.9-3.22.4 AND php-snmp is earlier than 0:4.3.9-3.22.4 AND php-domxml is earlier than 0:4.3.9-3.22.4 AND php-mysql is earlier than 0:4.3.9-3.22.4 AND php-imap is earlier than 0:4.3.9-3.22.4 AND php-gd is earlier than 0:4.3.9-3.22.4 AND php is earlier than 0:4.3.9-3.22.4 AND php-mbstring is earlier than 0:4.3.9-3.22.4 AND php-pgsql is earlier than 0:4.3.9-3.22.4 AND php-pear is earlier than 0:4.3.9-3.22.4 AND php-ldap is earlier than 0:4.3.9-3.22.4 AND php-odbc is earlier than 0:4.3.9-3.22.4 AND php-ncurses is earlier than 0:4.3.9-3.22.4 AND php-devel is earlier than 0:4.3.9-3.22.4 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section php-bcmath is earlier than 0:5.1.6-11.el5 AND php-soap is earlier than 0:5.1.6-11.el5 AND php-common is earlier than 0:5.1.6-11.el5 AND php-mysql is earlier than 0:5.1.6-11.el5 AND php-imap is earlier than 0:5.1.6-11.el5 AND php-gd is earlier than 0:5.1.6-11.el5 AND php is earlier than 0:5.1.6-11.el5 AND php-mbstring is earlier than 0:5.1.6-11.el5 AND php-pgsql is earlier than 0:5.1.6-11.el5 AND php-xml is earlier than 0:5.1.6-11.el5 AND php-ldap is earlier than 0:5.1.6-11.el5 AND php-odbc is earlier than 0:5.1.6-11.el5 AND php-ncurses is earlier than 0:5.1.6-11.el5 AND php-devel is earlier than 0:5.1.6-11.el5 AND php-xmlrpc is earlier than 0:5.1.6-11.el5 AND php-snmp is earlier than 0:5.1.6-11.el5 AND php-pdo is earlier than 0:5.1.6-11.el5 AND php-dba is earlier than 0:5.1.6-11.el5 AND php-cli is earlier than 0:5.1.6-11.el5

Definition Id: oval:org.mitre.oval:def:10792

Oval ID:	oval:org.mitre.oval:def:10792
Title:	The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.
Description:	The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-1380	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section php is earlier than 0:4.3.2-39.ent AND php-pgsql is earlier than 0:4.3.2-39.ent AND php-mysql is earlier than 0:4.3.2-39.ent AND php-ldap is earlier than 0:4.3.2-39.ent AND php-imap is earlier than 0:4.3.2-39.ent AND php-odbc is earlier than 0:4.3.2-39.ent AND php-devel is earlier than 0:4.3.2-39.ent OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section php-xmlrpc is earlier than 0:4.3.9-3.22.3 AND php-snmp is earlier than 0:4.3.9-3.22.3 AND php-domxml is earlier than 0:4.3.9-3.22.3 AND php-mysql is earlier than 0:4.3.9-3.22.3 AND php-imap is earlier than 0:4.3.9-3.22.3 AND php-gd is earlier than 0:4.3.9-3.22.3 AND php is earlier than 0:4.3.9-3.22.3 AND php-mbstring is earlier than 0:4.3.9-3.22.3 AND php-pgsql is earlier than 0:4.3.9-3.22.3 AND php-pear is earlier than 0:4.3.9-3.22.3 AND php-ldap is earlier than 0:4.3.9-3.22.3 AND php-odbc is earlier than 0:4.3.9-3.22.3 AND php-ncurses is earlier than 0:4.3.9-3.22.3 AND php-devel is earlier than 0:4.3.9-3.22.3 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section php-bcmath is earlier than 0:5.1.6-7.el5 AND php-soap is earlier than 0:5.1.6-7.el5 AND php-common is earlier than 0:5.1.6-7.el5 AND php-mysql is earlier than 0:5.1.6-7.el5 AND php-imap is earlier than 0:5.1.6-7.el5 AND php-gd is earlier than 0:5.1.6-7.el5 AND php is earlier than 0:5.1.6-7.el5 AND php-mbstring is earlier than 0:5.1.6-7.el5 AND php-pgsql is earlier than 0:5.1.6-7.el5 AND php-xml is earlier than 0:5.1.6-7.el5 AND php-ldap is earlier than 0:5.1.6-7.el5 AND php-odbc is earlier than 0:5.1.6-7.el5 AND php-ncurses is earlier than 0:5.1.6-7.el5 AND php-devel is earlier than 0:5.1.6-7.el5 AND php-xmlrpc is earlier than 0:5.1.6-7.el5 AND php-snmp is earlier than 0:5.1.6-7.el5 AND php-pdo is earlier than 0:5.1.6-7.el5 AND php-dba is earlier than 0:5.1.6-7.el5 AND php-cli is earlier than 0:5.1.6-7.el5

Definition Id: oval:org.mitre.oval:def:10951

Oval ID:	oval:org.mitre.oval:def:10951
Title:	CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.
Description:	CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-1718	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section php is earlier than 0:4.3.2-40.ent AND php-pgsql is earlier than 0:4.3.2-40.ent AND php-mysql is earlier than 0:4.3.2-40.ent AND php-ldap is earlier than 0:4.3.2-40.ent AND php-imap is earlier than 0:4.3.2-40.ent AND php-odbc is earlier than 0:4.3.2-40.ent AND php-devel is earlier than 0:4.3.2-40.ent OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section php-xmlrpc is earlier than 0:4.3.9-3.22.4 AND php-snmp is earlier than 0:4.3.9-3.22.4 AND php-domxml is earlier than 0:4.3.9-3.22.4 AND php-mysql is earlier than 0:4.3.9-3.22.4 AND php-imap is earlier than 0:4.3.9-3.22.4 AND php-gd is earlier than 0:4.3.9-3.22.4 AND php is earlier than 0:4.3.9-3.22.4 AND php-mbstring is earlier than 0:4.3.9-3.22.4 AND php-pgsql is earlier than 0:4.3.9-3.22.4 AND php-pear is earlier than 0:4.3.9-3.22.4 AND php-ldap is earlier than 0:4.3.9-3.22.4 AND php-odbc is earlier than 0:4.3.9-3.22.4 AND php-ncurses is earlier than 0:4.3.9-3.22.4 AND php-devel is earlier than 0:4.3.9-3.22.4 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section php-bcmath is earlier than 0:5.1.6-11.el5 AND php-soap is earlier than 0:5.1.6-11.el5 AND php-common is earlier than 0:5.1.6-11.el5 AND php-mysql is earlier than 0:5.1.6-11.el5 AND php-imap is earlier than 0:5.1.6-11.el5 AND php-gd is earlier than 0:5.1.6-11.el5 AND php is earlier than 0:5.1.6-11.el5 AND php-mbstring is earlier than 0:5.1.6-11.el5 AND php-pgsql is earlier than 0:5.1.6-11.el5 AND php-xml is earlier than 0:5.1.6-11.el5 AND php-ldap is earlier than 0:5.1.6-11.el5 AND php-odbc is earlier than 0:5.1.6-11.el5 AND php-ncurses is earlier than 0:5.1.6-11.el5 AND php-devel is earlier than 0:5.1.6-11.el5 AND php-xmlrpc is earlier than 0:5.1.6-11.el5 AND php-snmp is earlier than 0:5.1.6-11.el5 AND php-pdo is earlier than 0:5.1.6-11.el5 AND php-dba is earlier than 0:5.1.6-11.el5 AND php-cli is earlier than 0:5.1.6-11.el5

Definition Id: oval:org.mitre.oval:def:19944

Oval ID:	oval:org.mitre.oval:def:19944
Title:	DSA-1283-1 php5
Description:	Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code.
Family:	unix	Class:	patch
Reference(s):	DSA-1283-1 CVE-2007-1286 CVE-2007-1375 CVE-2007-1376 CVE-2007-1380 CVE-2007-1453 CVE-2007-1454 CVE-2007-1521 CVE-2007-1583 CVE-2007-1700 CVE-2007-1711 CVE-2007-1718 CVE-2007-1777 CVE-2007-1824 CVE-2007-1887 CVE-2007-1889 CVE-2007-1900	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	php5
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND php5 DPKG is earlier than 0:5.2.0-8+etch3

Definition Id: oval:org.mitre.oval:def:21723

Oval ID:	oval:org.mitre.oval:def:21723
Title:	ELSA-2007:0153: php security update (Moderate)
Description:	CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.
Family:	unix	Class:	patch
Reference(s):	ELSA-2007:0153-01 CVE-2007-0455 CVE-2007-1001 CVE-2007-1718 CVE-2007-1583	Version:	21
Platform(s):	Oracle Linux 5	Product(s):	php
Definition Synopsis:
Oracle Linux 5.x rpm test php-odbc is earlier than 0:5.1.6-11.el5 AND php-soap is earlier than 0:5.1.6-11.el5 AND php-gd is earlier than 0:5.1.6-11.el5 AND php-common is earlier than 0:5.1.6-11.el5 AND php-mysql is earlier than 0:5.1.6-11.el5 AND php is earlier than 0:5.1.6-11.el5 AND php-xmlrpc is earlier than 0:5.1.6-11.el5 AND php-cli is earlier than 0:5.1.6-11.el5 AND php-mbstring is earlier than 0:5.1.6-11.el5 AND php-pgsql is earlier than 0:5.1.6-11.el5 AND php-xml is earlier than 0:5.1.6-11.el5 AND php-dba is earlier than 0:5.1.6-11.el5 AND php-devel is earlier than 0:5.1.6-11.el5 AND php-ncurses is earlier than 0:5.1.6-11.el5 AND php-imap is earlier than 0:5.1.6-11.el5 AND php-bcmath is earlier than 0:5.1.6-11.el5 AND php-snmp is earlier than 0:5.1.6-11.el5 AND php-pdo is earlier than 0:5.1.6-11.el5 AND php-ldap is earlier than 0:5.1.6-11.el5

Definition Id: oval:org.mitre.oval:def:5348

Oval ID:	oval:org.mitre.oval:def:5348
Title:	HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)
Description:	Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-1887	Version:	9
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02262 platforms HP Release B.11.23 AND HP-UX B.11.31 AND HP Release B.11.11 AND hpuxwsAPACHE version is less than B.2.0.59.00 OR Criteria meets HP Security Bulletin HPSBUX02262 HP Release B.11.11 AND hpuxwsAPACHE version is less than A.2.0.59.00

Definition Id: oval:org.mitre.oval:def:6067

Oval ID:	oval:org.mitre.oval:def:6067
Title:	HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)
Description:	CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-1900	Version:	9
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02262 platforms HP Release B.11.23 AND HP-UX B.11.31 AND HP Release B.11.11 AND hpuxwsAPACHE version is less than B.2.0.59.00 OR Criteria meets HP Security Bulletin HPSBUX02262 HP Release B.11.11 AND hpuxwsAPACHE version is less than A.2.0.59.00

CPE : Common Platform Enumeration

Type	Description	Count
Application	Php cpe:2.3:a:php:php:5.4.0:-:::::: cpe:2.3:a:php:php:5.2.9:-:::::: cpe:2.3:a:php:php:5.2.9:rc1:::::: cpe:2.3:a:php:php:5.2.9:rc2:::::: cpe:2.3:a:php:php:5.2.9:rc3:::::: cpe:2.3:a:php:php:5.2.8:::::::* cpe:2.3:a:php:php:5.2.7:-:::::: cpe:2.3:a:php:php:5.2.7:rc1:::::: cpe:2.3:a:php:php:5.2.7:rc2:::::: cpe:2.3:a:php:php:5.2.7:rc3:::::: cpe:2.3:a:php:php:5.2.7:rc4:::::: cpe:2.3:a:php:php:5.2.7:rc5:::::: cpe:2.3:a:php:php:5.2.6:-:::::: cpe:2.3:a:php:php:5.2.6:rc1:::::: cpe:2.3:a:php:php:5.2.6:rc2:::::: cpe:2.3:a:php:php:5.2.6:rc3:::::: cpe:2.3:a:php:php:5.2.6:rc4:::::: cpe:2.3:a:php:php:5.2.6:rc5:::::: cpe:2.3:a:php:php:5.2.5:-:::::: cpe:2.3:a:php:php:5.2.5:rc1:::::: cpe:2.3:a:php:php:5.2.5:rc2:::::: cpe:2.3:a:php:php:5.2.4::windows::::: cpe:2.3:a:php:php:5.2.4:-:::::: cpe:2.3:a:php:php:5.2.4:rc1:::::: cpe:2.3:a:php:php:5.2.4:rc2:::::: cpe:2.3:a:php:php:5.2.4:rc3:::::: cpe:2.3:a:php:php:5.2.3:-:::::: cpe:2.3:a:php:php:5.2.3:rc1:::::: cpe:2.3:a:php:php:5.2.2:-:::::: cpe:2.3:a:php:php:5.2.2:rc1:::::: cpe:2.3:a:php:php:5.2.2:rc2:::::: cpe:2.3:a:php:php:5.2.15:-:::::: cpe:2.3:a:php:php:5.2.15:rc1:::::: cpe:2.3:a:php:php:5.2.15:rc2:::::: cpe:2.3:a:php:php:5.2.14:-:::::: cpe:2.3:a:php:php:5.2.14:rc1:::::: cpe:2.3:a:php:php:5.2.14:rc2:::::: cpe:2.3:a:php:php:5.2.14:rc3:::::: cpe:2.3:a:php:php:5.2.13:-:::::: cpe:2.3:a:php:php:5.2.13:rc1:::::: cpe:2.3:a:php:php:5.2.13:rc2:::::: cpe:2.3:a:php:php:5.2.12:-:::::: cpe:2.3:a:php:php:5.2.12:rc1:::::: cpe:2.3:a:php:php:5.2.12:rc2:::::: cpe:2.3:a:php:php:5.2.12:rc3:::::: cpe:2.3:a:php:php:5.2.12:rc4:::::: cpe:2.3:a:php:php:5.2.11:-:::::: cpe:2.3:a:php:php:5.2.11:rc1:::::: cpe:2.3:a:php:php:5.2.11:rc2:::::: cpe:2.3:a:php:php:5.2.11:rc3:::::: cpe:2.3:a:php:php:5.2.10:-:::::: cpe:2.3:a:php:php:5.2.10:rc1:::::: cpe:2.3:a:php:php:5.2.10:rc2:::::: cpe:2.3:a:php:php:5.2.1:-:::::: cpe:2.3:a:php:php:5.2.1:rc1:::::: cpe:2.3:a:php:php:5.2.1:rc2:::::: cpe:2.3:a:php:php:5.2.1:rc3:::::: cpe:2.3:a:php:php:5.2.1:rc4:::::: cpe:2.3:a:php:php:5.2.0:::::::* cpe:2.3:a:php:php:5.2.0:rc1:::::: cpe:2.3:a:php:php:5.2.0:rc2:::::: cpe:2.3:a:php:php:5.2.0:rc3:::::: cpe:2.3:a:php:php:5.2.0:rc4:::::: cpe:2.3:a:php:php:5.2.0:rc5:::::: cpe:2.3:a:php:php:5.2.0:rc6:::::: cpe:2.3:a:php:php:5.1.6:::::::* cpe:2.3:a:php:php:5.1.5:-:::::: cpe:2.3:a:php:php:5.1.5:rc1:::::: cpe:2.3:a:php:php:5.1.4:::::::* cpe:2.3:a:php:php:5.1.3:::::::* cpe:2.3:a:php:php:5.1.3:rc1:::::: cpe:2.3:a:php:php:5.1.3:rc2:::::: cpe:2.3:a:php:php:5.1.3:rc3:::::: cpe:2.3:a:php:php:5.1.2:-:::::: cpe:2.3:a:php:php:5.1.2:rc1:::::: cpe:2.3:a:php:php:5.1.2:rc2:::::: cpe:2.3:a:php:php:5.1.1:::::::* cpe:2.3:a:php:php:5.1.0:-:::::: cpe:2.3:a:php:php:5.1.0:beta1:::::: cpe:2.3:a:php:php:5.1.0:beta2:::::: cpe:2.3:a:php:php:5.1.0:beta3:::::: cpe:2.3:a:php:php:5.1.0:rc1:::::: cpe:2.3:a:php:php:5.1.0:rc2:::::: cpe:2.3:a:php:php:5.1.0:rc2-pre:::::: cpe:2.3:a:php:php:5.1.0:rc3:::::: cpe:2.3:a:php:php:5.1.0:rc4:::::: cpe:2.3:a:php:php:5.1.0:rc5:::::: cpe:2.3:a:php:php:5.1.0:rc6:::::: cpe:2.3:a:php:php:5.0.5:-:::::: cpe:2.3:a:php:php:5.0.5:rc1:::::: cpe:2.3:a:php:php:5.0.5:rc2:::::: cpe:2.3:a:php:php:5.0.4:-:::::: cpe:2.3:a:php:php:5.0.4:rc1:::::: cpe:2.3:a:php:php:5.0.4:rc2:::::: cpe:2.3:a:php:php:5.0.3:-:::::: cpe:2.3:a:php:php:5.0.3:rc1:::::: cpe:2.3:a:php:php:5.0.3:rc2:::::: cpe:2.3:a:php:php:5.0.2:-:::::: cpe:2.3:a:php:php:5.0.2:rc1:::::: cpe:2.3:a:php:php:5.0.1:-:::::: cpe:2.3:a:php:php:5.0.1:beta1:::::: cpe:2.3:a:php:php:5.0.1:rc1:::::: cpe:2.3:a:php:php:5.0.1:rc2:::::: cpe:2.3:a:php:php:5.0.0:-:::::: cpe:2.3:a:php:php:5.0.0:beta3:::::: cpe:2.3:a:php:php:5.0.0:rc3:::::: cpe:2.3:a:php:php:5.0.0:beta1:::::: cpe:2.3:a:php:php:5.0.0:beta4:::::: cpe:2.3:a:php:php:5.0.0:rc1:::::: cpe:2.3:a:php:php:5.0.0:beta2:::::: cpe:2.3:a:php:php:5.0.0:rc2:::::: cpe:2.3:a:php:php:5.0:rc1:::::: cpe:2.3:a:php:php:5.0:rc3:::::: cpe:2.3:a:php:php:5.0:rc2:::::: cpe:2.3:a:php:php:5:::::::* cpe:2.3:a:php:php:4.4.9:-:::::: cpe:2.3:a:php:php:4.4.9:rc1:::::: cpe:2.3:a:php:php:4.4.8:-:::::: cpe:2.3:a:php:php:4.4.8:rc1:::::: cpe:2.3:a:php:php:4.4.7:-:::::: cpe:2.3:a:php:php:4.4.7:rc1:::::: cpe:2.3:a:php:php:4.4.6:-:::::: cpe:2.3:a:php:php:4.4.6:rc1:::::: cpe:2.3:a:php:php:4.4.5:-:::::: cpe:2.3:a:php:php:4.4.5:rc1:::::: cpe:2.3:a:php:php:4.4.5:rc2:::::: cpe:2.3:a:php:php:4.4.4:-:::::: cpe:2.3:a:php:php:4.4.4:rc1:::::: cpe:2.3:a:php:php:4.4.3:-:::::: cpe:2.3:a:php:php:4.4.3:rc1:::::: cpe:2.3:a:php:php:4.4.3:rc2:::::: cpe:2.3:a:php:php:4.4.2:-:::::: cpe:2.3:a:php:php:4.4.2:rc1:::::: cpe:2.3:a:php:php:4.4.2:rc2:::::: cpe:2.3:a:php:php:4.4.1:-:::::: cpe:2.3:a:php:php:4.4.1:rc1:::::: cpe:2.3:a:php:php:4.4.0:-:::::: cpe:2.3:a:php:php:4.4.0:rc1:::::: cpe:2.3:a:php:php:4.4.0:rc2:::::: cpe:2.3:a:php:php:4.3.9:::::::* cpe:2.3:a:php:php:4.3.9:rc1:::::: cpe:2.3:a:php:php:4.3.9:rc2:::::: cpe:2.3:a:php:php:4.3.9:rc3:::::: cpe:2.3:a:php:php:4.3.8:::::::* cpe:2.3:a:php:php:4.3.7:-:::::: cpe:2.3:a:php:php:4.3.7:rc1:::::: cpe:2.3:a:php:php:4.3.6:-:::::: cpe:2.3:a:php:php:4.3.6:rc1:::::: cpe:2.3:a:php:php:4.3.6:rc2:::::: cpe:2.3:a:php:php:4.3.6:rc3:::::: cpe:2.3:a:php:php:4.3.5:-:::::: cpe:2.3:a:php:php:4.3.5:rc1:::::: cpe:2.3:a:php:php:4.3.5:rc2:::::: cpe:2.3:a:php:php:4.3.5:rc3:::::: cpe:2.3:a:php:php:4.3.5:rc4:::::: cpe:2.3:a:php:php:4.3.4:-:::::: cpe:2.3:a:php:php:4.3.4:rc1:::::: cpe:2.3:a:php:php:4.3.4:rc2:::::: cpe:2.3:a:php:php:4.3.4:rc3:::::: cpe:2.3:a:php:php:4.3.3:-:::::: cpe:2.3:a:php:php:4.3.3:rc1:::::: cpe:2.3:a:php:php:4.3.3:rc2:::::: cpe:2.3:a:php:php:4.3.3:rc3:::::: cpe:2.3:a:php:php:4.3.3:rc4:::::: cpe:2.3:a:php:php:4.3.2:-:::::: cpe:2.3:a:php:php:4.3.2:rc1:::::: cpe:2.3:a:php:php:4.3.2:rc2:::::: cpe:2.3:a:php:php:4.3.2:rc3:::::: cpe:2.3:a:php:php:4.3.2:rc4:::::: cpe:2.3:a:php:php:4.3.11:-:::::: cpe:2.3:a:php:php:4.3.11:rc1:::::: cpe:2.3:a:php:php:4.3.11:rc2:::::: cpe:2.3:a:php:php:4.3.10:-:::::: cpe:2.3:a:php:php:4.3.10:rc1:::::: cpe:2.3:a:php:php:4.3.10:rc2:::::: cpe:2.3:a:php:php:4.3.1:::::::* cpe:2.3:a:php:php:4.3.0:-:::::: cpe:2.3:a:php:php:4.3.0:alpha1:::::: cpe:2.3:a:php:php:4.3.0:alpha2:::::: cpe:2.3:a:php:php:4.3.0:alpha3:::::: cpe:2.3:a:php:php:4.3.0:dev:::::: cpe:2.3:a:php:php:4.3.0:pre1:::::: cpe:2.3:a:php:php:4.3.0:pre2:::::: cpe:2.3:a:php:php:4.3.0:rc1:::::: cpe:2.3:a:php:php:4.3.0:rc2:::::: cpe:2.3:a:php:php:4.3.0:rc3:::::: cpe:2.3:a:php:php:4.3.0:rc4:::::: cpe:2.3:a:php:php:4.2.3:-:::::: cpe:2.3:a:php:php:4.2.3:rc1:::::: cpe:2.3:a:php:php:4.2.3:rc2:::::: cpe:2.3:a:php:php:4.2.2:::::::* cpe:2.3:a:php:php:4.2.1:-:::::: cpe:2.3:a:php:php:4.2.1:rc1:::::: cpe:2.3:a:php:php:4.2.1:rc2:::::: cpe:2.3:a:php:php:4.2.0:-:::::: cpe:2.3:a:php:php:4.2.0:rc1:::::: cpe:2.3:a:php:php:4.2.0:rc2:::::: cpe:2.3:a:php:php:4.2.0:rc3:::::: cpe:2.3:a:php:php:4.2.0:rc4:::::: cpe:2.3:a:php:php:4.2::dev::::: cpe:2.3:a:php:php:4.1.2:::::::* cpe:2.3:a:php:php:4.1.1:::::::* cpe:2.3:a:php:php:4.1.0:-:::::: cpe:2.3:a:php:php:4.1.0:rc1:::::: cpe:2.3:a:php:php:4.1.0:rc2:::::: cpe:2.3:a:php:php:4.1.0:rc3:::::: cpe:2.3:a:php:php:4.1.0:rc4:::::: cpe:2.3:a:php:php:4.1.0:rc5:::::: cpe:2.3:a:php:php:4.0.7:rc3:::::: cpe:2.3:a:php:php:4.0.7:rc2:::::: cpe:2.3:a:php:php:4.0.7:rc4:::::: cpe:2.3:a:php:php:4.0.7:rc1:::::: cpe:2.3:a:php:php:4.0.7:-:::::: cpe:2.3:a:php:php:4.0.6:-:::::: cpe:2.3:a:php:php:4.0.6:rc1:::::: cpe:2.3:a:php:php:4.0.6:rc2:::::: cpe:2.3:a:php:php:4.0.6:rc3:::::: cpe:2.3:a:php:php:4.0.6:rc4:::::: cpe:2.3:a:php:php:4.0.5:-:::::: cpe:2.3:a:php:php:4.0.5:rc1:::::: cpe:2.3:a:php:php:4.0.5:rc2:::::: cpe:2.3:a:php:php:4.0.5:rc3:::::: cpe:2.3:a:php:php:4.0.5:rc4:::::: cpe:2.3:a:php:php:4.0.5:rc5:::::: cpe:2.3:a:php:php:4.0.5:rc6:::::: cpe:2.3:a:php:php:4.0.5:rc7:::::: cpe:2.3:a:php:php:4.0.5:rc8:::::: cpe:2.3:a:php:php:4.0.4pl1:::::::* cpe:2.3:a:php:php:4.0.4:patch1:::::: cpe:2.3:a:php:php:4.0.4:-:::::: cpe:2.3:a:php:php:4.0.4:rc1:::::: cpe:2.3:a:php:php:4.0.4:rc2:::::: cpe:2.3:a:php:php:4.0.4:rc3:::::: cpe:2.3:a:php:php:4.0.4:rc4:::::: cpe:2.3:a:php:php:4.0.4:rc5:::::: cpe:2.3:a:php:php:4.0.4:rc6:::::: cpe:2.3:a:php:php:4.0.3:::::::* cpe:2.3:a:php:php:4.0.3:patch1:::::: cpe:2.3:a:php:php:4.0.3:rc1:::::: cpe:2.3:a:php:php:4.0.3:rc2:::::: cpe:2.3:a:php:php:4.0.2:::::::* cpe:2.3:a:php:php:4.0.2:rc1:::::: cpe:2.3:a:php:php:4.0.1:patch2:::::: cpe:2.3:a:php:php:4.0.1:patch1:::::: cpe:2.3:a:php:php:4.0.1:-:::::: cpe:2.3:a:php:php:4.0.1:rc:::::: cpe:2.3:a:php:php:4.0.1:rc2:::::: cpe:2.3:a:php:php:4.0.0:::::::* cpe:2.3:a:php:php:4.0:beta1:::::: cpe:2.3:a:php:php:4.0:beta2:::::: cpe:2.3:a:php:php:4.0:beta3:::::: cpe:2.3:a:php:php:4.0:beta4:::::: cpe:2.3:a:php:php:4.0:beta_4_patch1:::::: cpe:2.3:a:php:php:4.0:rc1:::::: cpe:2.3:a:php:php:4.0:rc2:::::: cpe:2.3:a:php:php:4.0:-:::::: cpe:2.3:a:php:php:4:::::::* cpe:2.3:a:php:php:3.0.9:::::::* cpe:2.3:a:php:php:3.0.8:::::::* cpe:2.3:a:php:php:3.0.7:::::::* cpe:2.3:a:php:php:3.0.6:::::::* cpe:2.3:a:php:php:3.0.5:::::::* cpe:2.3:a:php:php:3.0.4:::::::* cpe:2.3:a:php:php:3.0.3:::::::* cpe:2.3:a:php:php:3.0.2:::::::* cpe:2.3:a:php:php:3.0.18:::::::* cpe:2.3:a:php:php:3.0.17:::::::* cpe:2.3:a:php:php:3.0.16:::::::* cpe:2.3:a:php:php:3.0.15:::::::* cpe:2.3:a:php:php:3.0.14:::::::* cpe:2.3:a:php:php:3.0.13:::::::* cpe:2.3:a:php:php:3.0.12:::::::* cpe:2.3:a:php:php:3.0.11:::::::* cpe:2.3:a:php:php:3.0.10:::::::* cpe:2.3:a:php:php:3.0.1:::::::* cpe:2.3:a:php:php:3.0:::::::* cpe:2.3:a:php:php:2.0b10:::::::* cpe:2.3:a:php:php:2.0.2:::::::* cpe:2.3:a:php:php:2.0.1:::::::* cpe:2.3:a:php:php:2.0.0:-:::::: cpe:2.3:a:php:php:2.0.0:alpha1:::::: cpe:2.3:a:php:php:2.0.0:alpha2:::::: cpe:2.3:a:php:php:2.0.0:beta1:::::: cpe:2.3:a:php:php:2.0.0:rc1:::::: cpe:2.3:a:php:php:2.0:::::::* cpe:2.3:a:php:php:1.5:::::::* cpe:2.3:a:php:php:1.4:::::::* cpe:2.3:a:php:php:1.3.5:::::::* cpe:2.3:a:php:php:1.3.1:::::::* cpe:2.3:a:php:php:1.3:-:::::: cpe:2.3:a:php:php:1.3:beta2:::::: cpe:2.3:a:php:php:1.3:beta3:::::: cpe:2.3:a:php:php:1.3:beta6:::::: cpe:2.3:a:php:php:1.2.5:::::::* cpe:2.3:a:php:php:1.2.4:::::::* cpe:2.3:a:php:php:1.2.3:::::::* cpe:2.3:a:php:php:1.2.2:::::::* cpe:2.3:a:php:php:1.2.1:::::::* cpe:2.3:a:php:php:1.2.0:::::::* cpe:2.3:a:php:php:1.2:::::::* cpe:2.3:a:php:php:1.1.1:::::::* cpe:2.3:a:php:php:1.1.0:::::::* cpe:2.3:a:php:php:1.1:::::::* cpe:2.3:a:php:php:1.0.4:::::::* cpe:2.3:a:php:php:1.0.3:::::::* cpe:2.3:a:php:php:1.0.2:::::::* cpe:2.3:a:php:php:1.0.1:::::::* cpe:2.3:a:php:php:1.0.0:-:::::: cpe:2.3:a:php:php:1.0.0:rc1:::::: cpe:2.3:a:php:php:1.0:beta1:::::: cpe:2.3:a:php:php:1.0:beta2:::::: cpe:2.3:a:php:php:1.0:beta3:::::: cpe:2.3:a:php:php:1.0:rc1:::::: cpe:2.3:a:php:php:1.0:rc2:::::: cpe:2.3:a:php:php:0.91:::::::* cpe:2.3:a:php:php:0.90:::::::* cpe:2.3:a:php:php:0.9.4:::::::* cpe:2.3:a:php:php:0.9.3:::::::* cpe:2.3:a:php:php:0.9.2:::::::* cpe:2.3:a:php:php:0.9.1:::::::* cpe:2.3:a:php:php:0.9.0:::::::* cpe:2.3:a:php:php:0.9:::::::* cpe:2.3:a:php:php:0.7:::::::* cpe:2.3:a:php:php:0.6:::::::* cpe:2.3:a:php:php:0.5.3:::::::* cpe:2.3:a:php:php:0.5.2:::::::* cpe:2.3:a:php:php:0.5:::::::* cpe:2.3:a:php:php:0.4:::::::* cpe:2.3:a:php:php:0.3:::::::* cpe:2.3:a:php:php:0.2.4:::::::* cpe:2.3:a:php:php:0.2.3:::::::* cpe:2.3:a:php:php:0.2.2:::::::* cpe:2.3:a:php:php:0.2.1:::::::* cpe:2.3:a:php:php:0.2.0:::::::* cpe:2.3:a:php:php:0.2:::::::* cpe:2.3:a:php:php:0.11:::::::* cpe:2.3:a:php:php:0.10:::::::* cpe:2.3:a:php:php:0.1.1:::::::* cpe:2.3:a:php:php:0.1:::::::* cpe:2.3:a:php:php:::::::: cpe:2.3:a:php:php:-:::::::*	341
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*	3
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:4.0:::::::*	1

OpenVAS Exploits

Date	Description
2012-06-21	Name : PHP version smaller than 5.2.3 File : nvt/nopsec_php_5_2_3.nasl
2012-06-21	Name : PHP version smaller than 5.2.1 File : nvt/nopsec_php_5_2_1.nasl
2012-06-21	Name : PHP version smaller than 5.2.0 File : nvt/nopsec_php_5_2_0.nasl
2012-06-21	Name : PHP version smaller than 4.4.5 File : nvt/nopsec_php_4_4_5.nasl
2010-04-23	Name : PHP Session Data Deserialization Arbitrary Code Execution Vulnerability File : nvt/gb_php_23120.nasl
2010-04-23	Name : PHP Shared Memory Functions Resource Verification Arbitrary Code Execution Vu... File : nvt/gb_php_22862.nasl
2010-04-23	Name : PHP PHP_Binary Heap Information Leak Vulnerability File : nvt/gb_php_22805.nasl
2010-04-21	Name : PHP sqlite_udf_decode_binary() Function Buffer Overflow Vulnerability File : nvt/gb_php_23235.nasl
2009-11-17	Name : Mac OS X Version File : nvt/macosx_version.nasl
2009-10-10	Name : SLES9: Security update for PHP4 File : nvt/sles9p5017282.nasl
2009-05-05	Name : HP-UX Update for Apache HPSBUX02262 File : nvt/gb_hp_ux_HPSBUX02262.nasl
2009-04-09	Name : Mandriva Update for php MDKSA-2007:187 (php) File : nvt/gb_mandriva_MDKSA_2007_187.nasl
2009-04-09	Name : Mandriva Update for php MDKSA-2007:090 (php) File : nvt/gb_mandriva_MDKSA_2007_090.nasl
2009-04-09	Name : Mandriva Update for php MDKSA-2007:089 (php) File : nvt/gb_mandriva_MDKSA_2007_089.nasl
2009-04-09	Name : Mandriva Update for sqlite MDKSA-2007:091 (sqlite) File : nvt/gb_mandriva_MDKSA_2007_091.nasl
2009-03-23	Name : Ubuntu Update for php5 vulnerabilities USN-455-1 File : nvt/gb_ubuntu_USN_455_1.nasl
2009-02-27	Name : Fedora Update for php FEDORA-2007-526 File : nvt/gb_fedora_2007_526_php_fc5.nasl
2009-02-27	Name : Fedora Update for php FEDORA-2007-2215 File : nvt/gb_fedora_2007_2215_php_fc7.nasl
2009-02-27	Name : Fedora Update for php FEDORA-2007-415 File : nvt/gb_fedora_2007_415_php_fc6.nasl
2009-02-27	Name : Fedora Update for php FEDORA-2007-455 File : nvt/gb_fedora_2007_455_php_fc5.nasl
2009-01-28	Name : SuSE Update for php4,php5 SUSE-SA:2007:020 File : nvt/gb_suse_2007_020.nasl
2009-01-28	Name : SuSE Update for php4,php5 SUSE-SA:2007:032 File : nvt/gb_suse_2007_032.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200703-21 (php) File : nvt/glsa_200703_21.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200710-02 (php) File : nvt/glsa_200710_02.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200705-19 (php) File : nvt/glsa_200705_19.nasl
2008-01-17	Name : Debian Security Advisory DSA 1283-1 (php5) File : nvt/deb_1283_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1282-1 (php4) File : nvt/deb_1282_1.nasl
0000-00-00	Name : Slackware Advisory SSA:2007-152-01 php5 File : nvt/esoft_slk_ssa_2007_152_01.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
39177	SQlite src/encode.c sqlite_decode_binary Function Overflow
33962	PHP ext/filter FILTER_VALIDATE_EMAIL Newline Injection PHP's ext/filter extension contains a flaw that may allow a malicious user to inject specially crafted mail headers. The issue is triggered due to the FILTER_VALIDATE_EMAIL function using an incorrect regular expression which can be trivially bypassed. By using a newline character, an attacker could potentially use this to send unsolicited e-mail from the host.
33959	PHP php_stream_filter_create() Function php://filter Off-by-one Overflow
33958	PHP sqlite Library sqlite_udf_decode_binary() Function Overflow PHP contains a flaw that may allow a context-dependent attacker to gain elevated privileges. The issue is due to the in parameter of the sqlite_decode_binary function in the bundled sqlite library not properly sanitizing user-supplied input. By supplying crafted input, an attacker can trigger a buffer overflow and potentially execute arbitrary code.
33948	PHP mail() Function Arbitrary Mail Sending PHP contains a flaw that may allow a remote attacker to manipulate mail functionality. The issue is due to mail function not properly sanitizing user-supplied input. By supplying CRLF (newline) characters, an attacker can inject arbitrary e-mail headers which may allow them to send mail to arbitrary hosts by supplying a control character after a Subject: or TO: parameter.
33944	PHP _SESSION unset() Hashtable Manipulation Arbitrary Code Execution PHP contains a flaw that may allow context-dependent attackers to gain elevated privileges. The issue is due to the session extension not properly calculating the reference count for session variables. This may allow an attacker to use a crafted string in the session_register function after unsetting global session variables, thus manipulating the session data Hashtable.
33940	PHP mb_parse_str() register_globals Functionality Invocation PHP contains a flaw that may allow a remote attacker to bypass security restrictions. The issue is due to the mb_parse_str function setting the internal register_globals flag but not properly disabling it in some cases when a script terminates. This may allow an attacker to execute a PHP script with register_globals functionality.
33938	PHP array_user_key_compare() Double DTOR Arbitrary Code Execution PHP contains a flaw that may allow local users to bypass security restrictions and elevate privileges. The issue is due to the array_user_key_compare function making a double call to zval_dtor. This may allow an attacker to bypass the safe_mode security restriction, corrupt system memory and ultimately execute arbitrary code.
33936	PHP session_regenerate_id() Function Double-free Arbitrary Code Execution PHP contains a flaw that may allow a context-dependent attacker to gain elevated privileges. The issue occurs when an attacker interrupts the session_regenerate_id function (i.e. by calling a userspace error handler) which triggers a double free. This may allow an attacker to execute arbitrary code.
32781	PHP shmop Function Arbitrary Memory Manipulation PHP contains a flaw that may allow a malicious user to access arbitrary memory addresses. The issue is due to the shared memory (shmop) function failing to verify if the type of resource supplied is a shmop resource. By using other types of resources it is possible to read and write to shared memory addresses resulting in a loss of integrity and/or availability.
32780	PHP substr_compare() Function Arbitrary Memory Disclosure An information leak vulnerability exists in PHP. An integer overflow which occurs while performing sanity checks on the input parameters to the substr_compare() function makes it possible to compare offsets outside of the allocated buffer. This allows memory access outside the buffer and the retrieval of sensitive information, leading to a loss of confidentiality.
32776	PHP Session Extension php_binary Heap Information Disclosure The php_binary serialization handler in the PHP session extension is missing a boundary check and may lead to an unauthorized information disclosure. The condition is triggered during the extraction of an overly long php_binary session data format variable name, which will disclose up to 126 bytes of heap data into PHP variables, resulting in a loss of confidentiality.

Nessus® Vulnerability Scanner

Date	Description
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL7859.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0155.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0076.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-090.nasl - Type : ACT_GATHER_INFO
2008-03-25	Name : The remote web server uses a version of PHP that is affected by multiple buff... File : php_5_2_0.nasl - Type : ACT_GATHER_INFO
2007-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-3290.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-455-1.nasl - Type : ACT_GATHER_INFO
2007-11-06	Name : The remote Fedora host is missing a security update. File : fedora_2007-2215.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-3289.nasl - Type : ACT_GATHER_INFO
2007-10-09	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200710-02.nasl - Type : ACT_GATHER_INFO
2007-09-24	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-187.nasl - Type : ACT_GATHER_INFO
2007-08-02	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2007-007.nasl - Type : ACT_GATHER_INFO
2007-06-04	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-152-01.nasl - Type : ACT_GATHER_INFO
2007-06-02	Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_3.nasl - Type : ACT_GATHER_INFO
2007-05-29	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200705-19.nasl - Type : ACT_GATHER_INFO
2007-05-25	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0153.nasl - Type : ACT_GATHER_INFO
2007-05-25	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0082.nasl - Type : ACT_GATHER_INFO
2007-05-04	Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_4_4_7_or_5_2_2.nasl - Type : ACT_GATHER_INFO
2007-04-30	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1283.nasl - Type : ACT_GATHER_INFO
2007-04-30	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0153.nasl - Type : ACT_GATHER_INFO
2007-04-30	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1282.nasl - Type : ACT_GATHER_INFO
2007-04-30	Name : The remote Fedora Core host is missing a security update. File : fedora_2007-455.nasl - Type : ACT_GATHER_INFO
2007-04-30	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-091.nasl - Type : ACT_GATHER_INFO
2007-04-30	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-089.nasl - Type : ACT_GATHER_INFO
2007-04-19	Name : The remote Fedora Core host is missing a security update. File : fedora_2007-415.nasl - Type : ACT_GATHER_INFO
2007-04-19	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0155.nasl - Type : ACT_GATHER_INFO
2007-04-19	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0155.nasl - Type : ACT_GATHER_INFO
2007-04-02	Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_4_4_5.nasl - Type : ACT_GATHER_INFO
2007-04-02	Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_1.nasl - Type : ACT_GATHER_INFO
2007-03-26	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200703-21.nasl - Type : ACT_GATHER_INFO
2007-02-23	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0081.nasl - Type : ACT_GATHER_INFO
2007-02-23	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-048.nasl - Type : ACT_GATHER_INFO
2007-02-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0076.nasl - Type : ACT_GATHER_INFO
2007-02-21	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0076.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 12:04:20	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	2
Oval ID(s)	7
CPE ID(s)	345
osvdb(s)	12
Openvas Exploit(s)	28
Nessus® Exploit(s)	34

	Related
7.8	CVE-2007-1718
7.5	CVE-2007-1888
7.5	CVE-2007-1887
7.5	CVE-2007-1700
7.5	CVE-2007-1376
6.8	CVE-2007-1583
6.8	CVE-2007-1521
5.1	CVE-2007-1824
5	CVE-2007-1900
5	CVE-2007-1380
5	CVE-2007-1375
4.6	CVE-2007-1484
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 12 more Alert(s)