Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 4 |
CVE-ID | CVE-2007-4782 CVE-2007-2872 CVE-2007-3007 CVE-2007-1887 |
CWE-ID | CWE-20 CWE-264 CWE-120 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #2 is available. |
Vulnerable software | PHP Universal components / Libraries / Scripting languages |
Vendor | PHP Group |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
EUVDB-ID: #VU110364
Risk: Medium
CVSSv4.0: N/A
CVE-ID: CVE-2007-4782
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value.
Mitigation
Install update from vendor's website.
Vulnerable software versions
PHP: 5.2 - 5.2.2
CPE2.3
https://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
https://osvdb.org/38686
https://secunia.com/advisories/27102
https://secunia.com/advisories/28658
https://secunia.com/advisories/30828
https://secunia.com/advisories/31119
https://secunia.com/advisories/31200
https://securityreason.com/securityalert/3109
https://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
https://www.mandriva.com/security/advisories?name=MDVSA-2009:022
https://www.mandriva.com/security/advisories?name=MDVSA-2009:023
https://www.redhat.com/support/errata/RHSA-2008-0505.html
https://www.redhat.com/support/errata/RHSA-2008-0544.html
https://www.redhat.com/support/errata/RHSA-2008-0545.html
https://www.redhat.com/support/errata/RHSA-2008-0582.html
https://www.securityfocus.com/archive/1/478626/100/0/threaded
https://www.securityfocus.com/archive/1/478630/100/0/threaded
https://www.securityfocus.com/archive/1/478726/100/0/threaded
https://www.ubuntu.com/usn/usn-628-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/36457
https://exchange.xforce.ibmcloud.com/vulnerabilities/36461
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10897
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU110393
Risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2007-2872
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
Description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.
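The overflow class described above, shown as an added example that is not PHP's source code: an unchecked 32-bit size calculation for a chunk_split-style routine beside a checked one that refuses inputs whose output size cannot be represented. The function names, the `endlen` separator length and the size formula `srclen + (chunks + 1) * endlen + 1` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked model (illustrative, not PHP source): 32-bit arithmetic wraps
 * silently, so the result can be far smaller than the bytes later written. */
uint32_t naive_size32(uint32_t srclen, uint32_t chunklen, uint32_t endlen)
{
    uint32_t chunks = srclen / chunklen;
    return srclen + (chunks + 1) * endlen + 1;
}

/* Checked form: returns 0 and stores srclen + (chunks + 1) * endlen + 1 in
 * *out, or -1 if chunklen is zero or any step would exceed SIZE_MAX. */
int chunk_split_size(size_t srclen, size_t chunklen, size_t endlen, size_t *out)
{
    if (chunklen == 0 || srclen == SIZE_MAX)
        return -1;
    size_t seps = srclen / chunklen + 1;      /* cannot wrap: srclen < SIZE_MAX */
    if (endlen != 0 && seps > SIZE_MAX / endlen)
        return -1;                            /* seps * endlen would wrap */
    size_t sep_bytes = seps * endlen;
    if (sep_bytes >= SIZE_MAX - srclen)
        return -1;                            /* sum plus the NUL would wrap */
    *out = srclen + sep_bytes + 1;
    return 0;
}

/* Copy src in chunklen-byte pieces, each followed by end. The buffer is sized
 * by the checked calculation; returns NULL on bad input. Caller frees. */
char *chunk_split_checked(const char *src, size_t srclen, size_t chunklen,
                          const char *end, size_t endlen, size_t *destlen)
{
    size_t cap;
    if (chunk_split_size(srclen, chunklen, endlen, &cap) != 0)
        return NULL;
    char *dest = malloc(cap);
    if (dest == NULL)
        return NULL;
    char *q = dest;
    while (srclen > 0) {
        size_t n = srclen < chunklen ? srclen : chunklen;
        memcpy(q, src, n);     q += n; src += n; srclen -= n;
        memcpy(q, end, endlen); q += endlen;
    }
    *q = '\0';
    *destlen = (size_t)(q - dest);
    return dest;
}
```
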
Mitigation
Install update from vendor's website.
Vulnerable software versions
PHP: 5.0.0 - 5.2.2
CPE2.3
https://www.php.net/releases/5_2_3.php
https://www.sec-consult.com/291.html
https://issues.rpath.com/browse/RPL-1702
https://issues.rpath.com/browse/RPL-1693
https://support.avaya.com/elmodocs2/security/ASA-2007-449.htm
https://launchpad.net/bugs/173043
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html
https://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
https://www.mandriva.com/security/advisories?name=MDKSA-2007:187
https://www.openpkg.com/security/advisories/OpenPKG-SA-2007.020.html
https://www.redhat.com/support/errata/RHSA-2007-0890.html
https://rhn.redhat.com/errata/RHSA-2007-0889.html
https://www.redhat.com/support/errata/RHSA-2007-0888.html
https://www.redhat.com/support/errata/RHSA-2007-0891.html
https://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863
https://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
https://www.trustix.org/errata/2007/0023/
https://www.ubuntu.com/usn/usn-549-2
https://www.securityfocus.com/bid/24261
https://www.securitytracker.com/id?1018186
https://secunia.com/advisories/25535
https://secunia.com/advisories/25456
https://secunia.com/advisories/26048
https://secunia.com/advisories/26231
https://secunia.com/advisories/26838
https://secunia.com/advisories/26930
https://secunia.com/advisories/26871
https://secunia.com/advisories/26895
https://secunia.com/advisories/26967
https://secunia.com/advisories/27037
https://secunia.com/advisories/27110
https://secunia.com/advisories/27351
https://secunia.com/advisories/27377
https://secunia.com/advisories/27545
https://secunia.com/advisories/27102
https://secunia.com/advisories/27864
https://www.php.net/ChangeLog-4.php
https://www.php.net/releases/4_4_8.php
https://secunia.com/advisories/28318
https://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
https://secunia.com/advisories/28658
https://secunia.com/advisories/28750
https://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136
https://secunia.com/advisories/28936
https://secunia.com/advisories/30040
https://www.vupen.com/english/advisories/2008/0059
https://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
https://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
https://www.vupen.com/english/advisories/2007/2061
https://www.vupen.com/english/advisories/2007/3386
https://www.vupen.com/english/advisories/2008/0398
https://osvdb.org/36083
https://exchange.xforce.ibmcloud.com/vulnerabilities/39398
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9424
https://usn.ubuntu.com/549-1/
https://www.securityfocus.com/archive/1/491693/100/0/threaded
https://www.securityfocus.com/archive/1/470244/100/0/threaded
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
EUVDB-ID: #VU110394
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2007-3007
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function.
Mitigation
Install update from vendor's website.
Vulnerable software versions
PHP: before
CPE2.3
External links
https://bugs.php.net/bug.php?id=41492
https://www.php.net/releases/5_2_3.php
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html
https://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
https://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
https://www.trustix.org/errata/2007/0023/
https://www.securityfocus.com/bid/24259
https://secunia.com/advisories/25456
https://secunia.com/advisories/26048
https://secunia.com/advisories/26231
https://secunia.com/advisories/27110
https://secunia.com/advisories/27102
https://osvdb.org/36084
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU110411
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2007-1887
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character.
Mitigation
Install update from vendor's website.
Vulnerable software versions
PHP: before
CPE2.3
External links
https://www.php-security.org/MOPB/MOPB-41-2007.html
https://www.php.net/releases/5_2_1.php
https://www.securityfocus.com/bid/23235
https://www.debian.org/security/2007/dsa-1283
https://www.ubuntu.com/usn/usn-455-1
https://secunia.com/advisories/25062
https://secunia.com/advisories/25057
https://secunia.com/advisories/24909
https://www.php.net/releases/5_2_3.php
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html
https://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
https://www.mandriva.com/security/advisories?name=MDKSA-2007:088
https://www.mandriva.com/security/advisories?name=MDKSA-2007:089
https://secunia.com/advisories/27037
https://secunia.com/advisories/27110
https://secunia.com/advisories/27102
https://www.vupen.com/english/advisories/2007/3386
https://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
https://www.vupen.com/english/advisories/2007/2016
https://exchange.xforce.ibmcloud.com/vulnerabilities/33766
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5348
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.