SB2018101525 - Multiple vulnerabilities in PHP
Published: October 15, 2018 Updated: June 13, 2025
Description
This security bulletin contains information about 18 security vulnerabilities.
1) Input validation error (CVE-ID: CVE-2007-4784)
The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (application crash) via a long string in the locale parameter.
2) Input validation error (CVE-ID: CVE-2007-4670)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.
3) Input validation error (CVE-ID: CVE-2007-4657)
The vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read.
4) Input validation error (CVE-ID: CVE-2007-4659)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors.
5) Resource management error (CVE-ID: CVE-2007-4660)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation.
6) Heap-based buffer overflow (CVE-ID: CVE-2007-4661)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the chunk_split function in string.c in PHP 5.2.3, which does not properly calculate the needed buffer size because of precision loss when performing integer arithmetic with floating point numbers. A remote attacker can trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
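The class of bug described for CVE-2007-4661, as an added illustration that is not PHP's string.c code or anything from the bulletin: a buffer size computed and bounds-checked in float loses low-order bits, while checked integer arithmetic does not. The function names, the size formula and the sample inputs are assumptions constructed for the example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Bytes needed to split srclen bytes into chunklen-byte chunks, each followed
 * by an endlen-byte terminator, plus a trailing NUL. Function names are
 * hypothetical; both return 0 when the request must be rejected. */

/* Flawed pattern: size and overflow guard computed in single-precision
 * float, which carries only 24 significant bits. */
size_t out_len_float(int srclen, int chunklen, int endlen)
{
    if (srclen < 0 || chunklen <= 0 || endlen < 0) return 0;
    int chunks = srclen / chunklen + (srclen % chunklen != 0);
    /* volatile forces the value to be rounded to float on every platform */
    volatile float need = (float)chunks * (float)endlen + (float)srclen + 1.0f;
    if (need > (float)INT_MAX) return 0;   /* (float)INT_MAX rounds up to 2^31 */
    return (size_t)need;                   /* can be below the true size */
}

/* Hardened pattern: integer arithmetic, with the bound checked by division
 * before the multiplication is performed. */
size_t out_len_checked(int srclen, int chunklen, int endlen)
{
    if (srclen < 0 || chunklen <= 0 || endlen < 0) return 0;
    if (srclen == INT_MAX) return 0;       /* no room for the NUL */
    size_t chunks = (size_t)srclen / (size_t)chunklen + (srclen % chunklen != 0);
    size_t room = (size_t)INT_MAX - (size_t)srclen - 1;  /* left for terminators */
    if (endlen != 0 && chunks > room / (size_t)endlen) return 0;
    return chunks * (size_t)endlen + (size_t)srclen + 1;
}

int main(void)
{
    /* Constructed inputs: {srclen, chunklen, endlen} */
    int cases[][3] = { {10, 4, 2}, {16777214, 16777214, 2}, {1 << 30, 1, 1} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("float=%zu checked=%zu\n",
               out_len_float(cases[i][0], cases[i][1], cases[i][2]),
               out_len_checked(cases[i][0], cases[i][1], cases[i][2]));
    return 0;
}
```

For the second input the float version returns one byte less than required; for the third it returns 2^31, past the INT_MAX limit its guard was meant to enforce, while the checked version rejects the request.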
7) Buffer overflow (CVE-ID: CVE-2007-4662)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.
8) Path traversal (CVE-ID: CVE-2007-4663)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences in PHP before 5.2.4. A remote authenticated attacker can send a specially crafted HTTP request and bypass open_basedir restrictions via unspecified vectors involving the glob function.
9) Input validation error (CVE-ID: CVE-2007-3996)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.
10) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2007-3997)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
11) Improper input validation (CVE-ID: CVE-2007-3998)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ''' argument set.
12) Input validation error (CVE-ID: CVE-2007-4507)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions.
13) Input validation error (CVE-ID: CVE-2007-4255)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function.
14) Buffer overflow (CVE-ID: CVE-2007-4033)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.
15) Input validation error (CVE-ID: CVE-2007-4010)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function.
16) Input validation error (CVE-ID: CVE-2007-3806)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.
17) Input validation error (CVE-ID: CVE-2007-3790)
The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.
The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument.
18) Buffer overflow (CVE-ID: CVE-2007-3294)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. NOTE: this might only be an issue in environments where vsnprintf is implemented as a wrapper for vsprintf.
Remediation
Install the update from the vendor's website.