SB2018101912 - Multiple vulnerabilities in PHP 




Published: October 19, 2018 Updated: June 13, 2025

Security Bulletin ID SB2018101912
Severity High
Patch available YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 10% Medium 80% Low 10%

Description

This security bulletin contains information about 10 security vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2007-2748)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375.


2) Buffer overflow (CVE-ID: CVE-2007-1864)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.


3) Input validation error (CVE-ID: CVE-2007-1900)

The vulnerability allows a remote non-authenticated attacker to corrupt data.

CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string.


4) Buffer overflow (CVE-ID: CVE-2007-1709)

The vulnerability allows a local user to read and manipulate data.

Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC extension (PECL phpDOC) in PHP 5.2.1 allows context-dependent attackers to execute arbitrary code via a long argument string.


5) Input validation error (CVE-ID: CVE-2007-1649)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed.


6) Input validation error (CVE-ID: CVE-2007-1521)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation.


7) Input validation error (CVE-ID: CVE-2007-1522)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors.


8) Stack-based buffer overflow (CVE-ID: CVE-2007-1399)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


9) Input validation error (CVE-ID: CVE-2007-1375)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.


10) Input validation error (CVE-ID: CVE-2007-0911)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).


Remediation

Install the update from the vendor's website.
