Информационная безопасность
[RU] switch to English


CVECVE-2007-0906
СтатусCandidate
ОписаниеMultiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions.  NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885).  NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825).
Важность
High
CVSS score7,5
CVSS vector(AV:N/AC:L/Au:N/C:P/I:P/A:P)
PhaseAssigned (20.09.2011)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0906
ReferencesSECTRACK : 1017671
 TRUSTIX : 2007-0009
 SGI : 20070201-01-P
 BUGTRAQ : 20070227 rPSA-2007-0043-1 php php-mysql php-pgsql
 BUGTRAQ : 20070418 rPSA-2007-0073-1 php php-mysql php-pgsql
 BID : 22496
 SECUNIA : 24089
 SECUNIA : 24195
 SECUNIA : 24217
 SECUNIA : 24236
 SECUNIA : 24248
 SECUNIA : 24284
 SECUNIA : 24295
 SECUNIA : 24322
 SECUNIA : 24419
 SECUNIA : 24421
 SECUNIA : 24432
 SECUNIA : 24514
 SECUNIA : 24606
 SECUNIA : 24642
 SECUNIA : 24945
 OSVDB : 32776
 FRSIRT : ADV-2007-0546
 DEBIAN : DSA-1264
 GENTOO : GLSA-200703-21
 CONFIRM : http://support.avaya.com/elmodocs2/security/ASA-20...
 CONFIRM : http://support.avaya.com/elmodocs2/security/ASA-20...
 CONFIRM : http://www.php.net/ChangeLog-5.php#5.2.1
 CONFIRM : http://www.php.net/releases/5_2_1.php
 CONFIRM : https://issues.rpath.com/browse/RPL-1088
 CONFIRM : https://issues.rpath.com/browse/RPL-1268
 MANDRIVA : MDKSA-2007:048
 OPENPKG : OpenPKG-SA-2007.010
 REDHAT : RHSA-2007:0076
 REDHAT : RHSA-2007:0081
 REDHAT : RHSA-2007:0082
 REDHAT : RHSA-2007:0088
 REDHAT : RHSA-2007:0089
 SUSE : SUSE-SA:2007:020
 UBUNTU : USN-424-1
 UBUNTU : USN-424-2
SecurityVulns:Многочисленные уязвимости в PHP (multiple bugs)
О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород