SB2018101124 - Multiple vulnerabilities in PHP
Published: October 11, 2018 Updated: June 11, 2025
Description
This security bulletin contains information about 13 security vulnerabilities.
1) Input validation error (CVE-ID: CVE-2008-2107)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed.
2) Insufficient Entropy (CVE-ID: CVE-2008-2108)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions.
3) Buffer overflow (CVE-ID: CVE-2008-2050)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.
4) Input validation error (CVE-ID: CVE-2008-2051)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."
5) Information disclosure (CVE-ID: CVE-2007-5899)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.
6) Input validation error (CVE-ID: CVE-2007-5898)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.
7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2007-5900)
The vulnerability allows a local user to execute arbitrary code.
PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625.
8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2007-5447)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncube_read_file function.
9) Input validation error (CVE-ID: CVE-2007-4889)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.
10) Input validation error (CVE-ID: CVE-2007-4887)
The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (application crash) via a long string in the library parameter.
11) Input validation error (CVE-ID: CVE-2007-4840)
The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function.
12) Path traversal (CVE-ID: CVE-2007-4825)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences in PHP 5.2.4 and earlier. A remote authenticated attacker can send a specially crafted HTTP request to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.
13) Input validation error (CVE-ID: CVE-2007-4783)
The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter.
Remediation
Install updates from the vendor's website.