Rapid7 Vulnerability & Exploit Database

CESA-2007:0155: php security update

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

CESA-2007:0155: php security update

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:C/A:N)

Published

03/27/2007

Created

07/25/2018

Added

03/12/2010

Modified

07/04/2017

Description

Updated PHP packages that fix several security issues are now available for CentOS Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A denial of service flaw was found in the way PHP processed a deeply nested array. A remote attacker could cause the PHP interpreter to crash by submitting an input variable with a deeply nested array. (CVE-2007-1285) A flaw was found in the way PHP's unserialize() function processed data. If a remote attacker was able to pass arbitrary data to PHP's unserialize() function, they could possibly execute arbitrary code as the apache user. (CVE-2007-1286) A flaw was found in the way the mbstring extension set global variables. A script which used the mb_parse_str() function to set global variables could be forced to enable the register_globals configuration option, possibly resulting in global variable injection. (CVE-2007-1583) A double free flaw was found in PHP's session_decode() function. If a remote attacker was able to pass arbitrary data to PHP's session_decode() function, they could possibly execute arbitrary code as the apache user. (CVE-2007-1711) A flaw was discovered in the way PHP's mail() function processed header data. If a script sent mail using a Subject header containing a string from an untrusted source, a remote attacker could send bulk e-mail to unintended recipients. (CVE-2007-1718) A heap based buffer overflow flaw was discovered in PHP's gd extension. A script that could be forced to process WBMP images from an untrusted source could result in arbitrary code execution. (CVE-2007-1001) A buffer over-read flaw was discovered in PHP's gd extension. A script that could be forced to write arbitrary string using a JIS font from an untrusted source could cause the PHP interpreter to crash. (CVE-2007-0455) Users of PHP should upgrade to these updated packages which contain backported patches to correct these issues.

Solution(s)

centos-upgrade-php
centos-upgrade-php-devel
centos-upgrade-php-domxml
centos-upgrade-php-gd
centos-upgrade-php-imap
centos-upgrade-php-ldap
centos-upgrade-php-mbstring
centos-upgrade-php-mysql
centos-upgrade-php-ncurses
centos-upgrade-php-odbc
centos-upgrade-php-pear
centos-upgrade-php-pgsql
centos-upgrade-php-snmp
centos-upgrade-php-xmlrpc

References

https://attackerkb.com/topics/cve-2007-0455
APPLE-SA-2007-07-31
22289
22764
22765
23016
23121
23145
23357
25159
CESA-2007:0155
CVE - 2007-0455
CVE - 2007-1001
CVE - 2007-1285
CVE - 2007-1286
CVE - 2007-1583
CVE - 2007-1711
CVE - 2007-1718
DSA-1282
DSA-1283
32769
32771
OVAL10179
OVAL10245
OVAL10406
OVAL10951
OVAL11017
OVAL11303
OVAL11575
RHSA-2007:0082
RHSA-2007:0153
RHSA-2007:0154
RHSA-2007:0155
RHSA-2007:0162
RHSA-2007:0163
RHSA-2008:0146
SUSE-SA:2007:032
SUSE-SA:2007:044
32796
33453
33516
33575

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;