
Debian: DSA-1264-1 Critical PHP Remote Code Execution Risks

debian
March 7, 2007
DSA-1264-1 addresses several remotely exploitable flaws in PHP, two of which allow arbitrary code execution; make sure the PHP packages on your sarge systems are at the fixed version listed below.
Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code.

The Common Vu...

Summary


It was discovered that an integer overflow in the str_replace() function could lead to the execution of arbitrary code.

CVE-2007-0907: It was discovered that a buffer underflow in the sapi_header_op() function could crash the PHP interpreter.

CVE-2007-0908: Stefan Esser discovered that a programming error in the wddx extension allows information disclosure.

CVE-2007-0909: It was discovered that a format string vulnerability in the odbc_result_all() function allows the execution of arbitrary code.

CVE-2007-0910: It was discovered that super-global variables could be overwritten with session data.

CVE-2007-0988: Stefan Esser discovered that the zend_hash_init() function could be tricked into an endless loop, allowing denial of service through resource consumption until a timeout is triggered.

For the stable distribution (sarge) these problems have been fixed in
version 4:4.3.10-19.

For the unstable distribution (sid) these p...
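The fixed-version statement above is only useful if the installed version is compared against 4:4.3.10-19 the way dpkg does it: a plain string comparison gets both the epoch (the leading "4:") and suffixes such as "~" wrong, so a host can be misreported either way. The following is an added example, not part of the advisory or of Debian's tooling: it re-implements dpkg's version ordering in Python and flags PHP packages from a constructed dpkg-query listing that are older than the fixed version. The sample package list, the FIXED_SARGE constant and all function names are this example's own assumptions.

```python
"""Flag Debian packages older than a DSA's fixed version.

Added example, not from DSA-1264-1. Re-implements dpkg's version
comparison (epoch:upstream-revision, '~' sorts before everything, digit
runs compare numerically) so the check runs without dpkg installed.
"""
import re

FIXED_SARGE = "4:4.3.10-19"   # fixed version quoted in the advisory


def _order(c):
    """Character weight dpkg uses inside non-digit runs."""
    if c == "~":
        return -1
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _verrevcmp(a, b):
    """Compare two upstream or revision fragments like dpkg's verrevcmp()."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare char by char; end of string weighs 0
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return -1 if ac < bc else 1
            i += 1
            j += 1
        # Digit run: drop leading zeros, longer run wins, else first differing digit
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        first_diff = 0
        while i < len(a) and j < len(b) and a[i].isdigit() and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return -1 if first_diff < 0 else 1
    return 0


def _split(version):
    """Split 'epoch:upstream-revision' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in version:
        e, version = version.split(":", 1)
        epoch = int(e)
    upstream, sep, revision = version.rpartition("-")
    if not sep:                      # no Debian revision at all
        upstream, revision = version, ""
    return epoch, upstream, revision


def compare_versions(v1, v2):
    """Return -1, 0 or 1, matching dpkg --compare-versions lt / eq / gt."""
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    rc = _verrevcmp(u1, u2)
    return rc if rc else _verrevcmp(r1, r2)


def vulnerable_packages(dpkg_output, fixed_version, name_re=r"php4"):
    """Return (package, version) pairs older than fixed_version.

    dpkg_output is the text of  dpkg-query -W -f='${Package} ${Version}\n'.
    """
    hits = []
    for line in dpkg_output.splitlines():
        if not line.strip():
            continue
        pkg, ver = line.split()
        if re.search(name_re, pkg) and compare_versions(ver, fixed_version) < 0:
            hits.append((pkg, ver))
    return hits


# Constructed sample listing, not taken from a real host.
SAMPLE_DPKG = """\
php4 4:4.3.10-18
php4-cgi 4:4.3.10-19
php4-cli 4:4.3.10-19sarge1
libapache2-mod-php4 4:4.3.10-16
php4-odbc 4:4.3.10-19
"""

if __name__ == "__main__":
    for pkg, ver in vulnerable_packages(SAMPLE_DPKG, FIXED_SARGE):
        print(f"{pkg} {ver} is older than {FIXED_SARGE}: update needed")
```

Two of the sample entries show why the full algorithm matters: a revision with a trailing suffix ("-19sarge1") is newer than "-19", while a "~" suffix would be older, and an epoch-less "5.2.0-8" sorts below "4:4.3.10-19" because the epoch is compared first. On a real sarge host the same check is `dpkg --compare-versions "$(dpkg-query -W -f='${Version}' php4)" ge 4:4.3.10-19`.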


Severity: critical
