Rapid7 Vulnerability & Exploit Database

SUSE-SA:2007:020: php security problems

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SUSE-SA:2007:020: php security problems

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

03/15/2007

Created

07/25/2018

Added

04/04/2007

Modified

11/18/2015

Description

Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback.

Solution(s)

References

https://attackerkb.com/topics/cve-2006-6383
21508
22496
22505
22805
22806
22883
CVE - 2006-6383
CVE - 2007-0906
CVE - 2007-0907
CVE - 2007-0908
CVE - 2007-0909
CVE - 2007-0910
CVE - 2007-0911
CVE - 2007-1380
CVE - 2007-1399
DSA-1264
DSA-1282
DSA-1283
DSA-1330
32763
32764
32765
32766
32767
32776
32782
33952
34706
34707
34708
34709
34710
34711
34712
34713
34714
34715
OVAL10792
OVAL11185
OVAL11321
OVAL8992
OVAL9514
OVAL9722
RHSA-2007:0076
RHSA-2007:0081
RHSA-2007:0082
RHSA-2007:0088
RHSA-2007:0089
20070201-01-P
SUSE-SA:2007:020
SUSE-SA:2007:032
SUSE-SA:2007:044
http://cvs.php.net/viewcvs.cgi/php-src/ext/session/session.c?r1=1.336.2.53.2.7&r2=1.336.2.53.2.8
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.36&r2=1.445.2.14.2.37
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:048
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137
http://marc.theaimsgroup.com/?l=php-dev&m=117104930526516&w=2
http://marc.theaimsgroup.com/?l=php-dev&m=117106751715609&w=2
http://securityreason.com/achievement_securityalert/43
http://securityreason.com/securityalert/2000
http://securityreason.com/securityalert/2321
http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm
http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm
http://www.debian.org/security/2007/dsa-1282
http://www.debian.org/security/2007/dsa-1283
http://www.debian.org/security/2007/dsa-1330
http://www.frsirt.com/english/advisories/2007/0546
http://www.frsirt.com/english/advisories/2007/0898
http://www.frsirt.com/english/advisories/2007/1991
http://www.frsirt.com/english/advisories/2007/2374
http://www.mandriva.com/security/advisories?name=MDKSA-2007:038
http://www.mandriva.com/security/advisories?name=MDKSA-2007:048
http://www.milw0rm.com/exploits/3413
http://www.novell.com/linux/security/advisories/2007_20_php.html
http://www.php-security.org/MOPB/MOPB-10-2007.html
http://www.php-security.org/MOPB/MOPB-11-2007.html
http://www.php-security.org/MOPB/MOPB-16-2007.html
http://www.php.net/ChangeLog-5.php#5.2.1
http://www.php.net/releases/5_2_1.php
http://www.securityfocus.com/archive/1/archive/1/453938/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/459856/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/461462/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/466166/100/0/threaded
http://www.trustix.org/errata/2007/0009/
http://www.ubuntu.com/usn/usn-424-1
http://www.ubuntu.com/usn/usn-424-2
http://www.ubuntu.com/usn/usn-455-1
http://www.us.debian.org/security/2007/dsa-1264
https://issues.rpath.com/browse/RPL-1088
https://issues.rpath.com/browse/RPL-1268
32493
32889

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;