SB2018101625 - Multiple vulnerabilities in PHP
Published: October 16, 2018 Updated: June 13, 2025
Description
This security bulletin contains information about 8 security vulnerabilities.
1) Input validation error (CVE-ID: CVE-2007-1711)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701 (MOPB-31-2007).
2) Input validation error (CVE-ID: CVE-2007-1475)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via a long argument. Successful exploitation requires that the Interbase extension is installed.
3) Input validation error (CVE-ID: CVE-2007-1484)
The vulnerability allows a local user to read and manipulate data.
The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after array_user_key_compare has been called.
4) Input validation error (CVE-ID: CVE-2007-1412)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument.
5) Buffer overflow (CVE-ID: CVE-2007-1413)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object id). Failed exploit attempts will likely cause a denial of service on the webserver.
6) Input validation error (CVE-ID: CVE-2007-1411)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions.
7) Uncontrolled Recursion (CVE-ID: CVE-2007-1285)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
8) Cross-site scripting (CVE-ID: CVE-2007-1287)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. The vulnerability allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
Remediation
Install the update from the vendor's website.