PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.
A number of buffer overflow flaws were found in the PHP session extension,
the str_replace() function, and the imap_mail_compose() function. If very
long strings were passed to the str_replace() function, an integer overflow
could occur in memory allocation. If a script used the imap_mail_compose()
function to create a new MIME message based on an input body from an
untrusted source, it could result in a heap overflow. An attacker with
access to a PHP application affected by any of these issues could trigger the
flaws and possibly execute arbitrary code as the ‘apache’ user.
(CVE-2007-0906)
When unserializing untrusted data on 64-bit platforms, the zend_hash_init()
function could be forced into an infinite loop, consuming CPU resources for
a limited time, until the script timeout alarm aborted execution of the
script. (CVE-2007-0988)
If the wddx extension was used to import WDDX data from an untrusted
source, certain WDDX input packets could expose a random portion of heap
memory. (CVE-2007-0908)
If the odbc_result_all() function was used to display data from a database,
and the database table contents were under an attacker’s control, a format
string vulnerability was possible which could allow arbitrary code
execution. (CVE-2007-0909)
A one-byte memory read always occurs before the beginning of a buffer. This
could be triggered, for example, by any use of the header() function in a
script. However, it is unlikely that this would have any effect.
(CVE-2007-0907)
Several flaws in PHP could allow attackers to “clobber” certain
super-global variables via unspecified vectors. (CVE-2007-0910)
Red Hat would like to thank Stefan Esser for his help diagnosing these issues.
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 4 | i386 | php-mbstring | < 5.1.6-3.el4s1.5 | php-mbstring-5.1.6-3.el4s1.5.i386.rpm |
RedHat | 4 | x86_64 | php-odbc | < 5.1.6-3.el4s1.5 | php-odbc-5.1.6-3.el4s1.5.x86_64.rpm |
RedHat | 4 | x86_64 | php-pdo | < 5.1.6-3.el4s1.5 | php-pdo-5.1.6-3.el4s1.5.x86_64.rpm |
RedHat | 4 | x86_64 | php-ncurses | < 5.1.6-3.el4s1.5 | php-ncurses-5.1.6-3.el4s1.5.x86_64.rpm |
RedHat | 4 | i386 | php-ncurses | < 5.1.6-3.el4s1.5 | php-ncurses-5.1.6-3.el4s1.5.i386.rpm |
RedHat | 4 | x86_64 | php-xml | < 5.1.6-3.el4s1.5 | php-xml-5.1.6-3.el4s1.5.x86_64.rpm |
RedHat | 4 | x86_64 | php-common | < 5.1.6-3.el4s1.5 | php-common-5.1.6-3.el4s1.5.x86_64.rpm |
RedHat | 4 | x86_64 | php-gd | < 5.1.6-3.el4s1.5 | php-gd-5.1.6-3.el4s1.5.x86_64.rpm |
RedHat | 4 | x86_64 | php-snmp | < 5.1.6-3.el4s1.5 | php-snmp-5.1.6-3.el4s1.5.x86_64.rpm |
RedHat | 4 | x86_64 | php-bcmath | < 5.1.6-3.el4s1.5 | php-bcmath-5.1.6-3.el4s1.5.x86_64.rpm |