OpenPKG Security Advisory
OpenPKG-SA-2007.010
Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2007.010 Advisory Type: OpenPKG Security Advisory (SA) Advisory Directory: http://openpkg.com/go/OpenPKG-SA Advisory Document: http://openpkg.com/go/OpenPKG-SA-2007.010 Advisory Published: 2010-09-03 22:01 UTC Issue Id (internal): OpenPKG-SI-20070211.02 Issue First Created: 2007-02-11 Issue Last Modified: 2007-02-23 Issue Revision: 12
Subject Name: php Subject Summary: Programming Language Subject Home: http://www.php.net/ Subject Versions: * <= 5.2.0 Vulnerability Id: CVE-2006-6383, CVE-2007-0905, CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988 Vulnerability Scope: global (not OpenPKG specific) Attack Feasibility: run-time Attack Vector: local system, remote network Attack Impact: denial of service, exposure of sensitive information, manipulation of data, arbitrary code execution Description: According to a vendor release announcement [0], multiple vulnerabilities exist in the programming language PHP [1], version up to and including 5.2.0. PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path. (CVE-2007-0905; possibly duplicate of CVE-2006-6383) Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the session, imap and sqlite extensions; and the str_replace function. (CVE-2007-0906) Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function. (CVE-2007-0907) The wddx extension in PHP before 5.2.1 allows remote attackers to obtain sensitive information via unspecified vectors. (CVE-2007-0908) Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to all of the *print functions on 64-bit systems, and the odbc_result_all function. (CVE-2007-0909) Unspecified vulnerability PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors. (CVE-2007-0910) If unserializing untrusted data on 64-bit platforms the zend_hash_init() function can be forced to enter an infinite loop, consuming CPU resources, for a limited length of time, until the script timeout alarm aborts the script. (CVE-2007-0988) References: [0] http://www.php.net/releases/5_2_1.php [1] http://www.php.net/
Primary Package Name: php Primary Package Home: http://openpkg.org/go/package/php Affected Distribution: Affected Branch: Affected Package: OpenPKG Enterprise E1.0-SOLID apache-1.3.37-E1.0.1 OpenPKG Enterprise E1.0-SOLID php-5.1.6-E1.0.1 OpenPKG Community 2-STABLE-20061018 apache-1.3.37-2.20070207 OpenPKG Community 2-STABLE-20061018 php-5.2.0-2.20061103 OpenPKG Community 2-STABLE apache-1.3.37-2.20070207 OpenPKG Community 2-STABLE php-5.2.0-2.20061212 OpenPKG Community CURRENT apache-1.3.37-20070206 OpenPKG Community CURRENT php-5.2.0-20070101 Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Enterprise E1.0-SOLID apache-1.3.37-E1.0.2 OpenPKG Enterprise E1.0-SOLID php-5.1.6-E1.0.2 OpenPKG Community 2-STABLE-20061018 apache-1.3.37-2.20070211 OpenPKG Community 2-STABLE-20061018 php-5.2.1-2.20070211 OpenPKG Community 2-STABLE apache-1.3.37-2.20070211 OpenPKG Community 2-STABLE php-5.2.1-2.20070211 OpenPKG Community CURRENT apache-1.3.37-20070208 OpenPKG Community CURRENT php-5.2.1-20070208
