MitreCVELIST:CVE-2007-3806CVE-2007-3806
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.
References
cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.166&r2=1.167
cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?view=log
osvdb.org/36085
secunia.com/advisories/26085
secunia.com/advisories/26642
secunia.com/advisories/27102
secunia.com/advisories/30158
secunia.com/advisories/30288
www.debian.org/security/2008/dsa-1572
www.debian.org/security/2008/dsa-1578
www.exploit-db.com/exploits/4181
www.gentoo.org/security/en/glsa/glsa-200710-02.xml
www.php.net/ChangeLog-5.php#5.2.4
www.php.net/releases/5_2_4.php
www.securityfocus.com/bid/24922
www.securityfocus.com/bid/25498
www.vupen.com/english/advisories/2007/2547
exchange.xforce.ibmcloud.com/vulnerabilities/35437
Related
