PHP Multiple Vulnerabilities

Posted on Friday, February 09, 2007 @ 07:38:18 PST in Security
by Raven



CRITICAL: Moderately critical

IMPACT: Unknown, Security Bypass, Exposure of sensitive information

WHERE: From remote

PHP 4.?.?
PHP 5.1.x
PHP 5.2.x

DESCRIPTION: Several vulnerabilities have been reported in PHP. Some have unknown impacts, while others can be exploited to disclose potentially sensitive information or bypass certain security restrictions. Other issues which may be security related have also been reported.

NOTE: Some issues can be triggered remotely under certain circumstances.

1) The "safe_mode" and "open_basedir" protection mechanisms can be bypassed via the session extension.

2) Unspecified overflows can be exploited to cause a stack corruption in the session extension.

3) Stack overflows exist in the "zip", "imap", and "sqlite" extensions.

4) A boundary error within the stream filters can be exploited to cause a buffer overflow.

5) An unspecified overflow exists in the "str_replace()" function.

6) An unspecified error in the wddx extension can be exploited to disclose potentially sensitive information.

7) A format string error exists in the *print() functions on 64-bit systems.

8) Boundary errors exist within the "mail()", "ibase_add_user()", "ibase_delete_user()", and "ibase_modify_user()" functions and can be exploited to cause buffer overflows.

9) A format string error exists in the odbc_result_all() function.

Update to version 4.4.5.
Update to version 5.2.1.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
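
An added example, not part of the original advisory: a Python check that classifies reported PHP version strings against the fixed releases named above (4.4.5 and 5.2.1). The hostnames and inventory are constructed, "PHP 4.?.?" is read as all of 4.x, and releases later than the fixed ones are assumed to include the fixes.

```python
import re

# Fixed releases named in the advisory, keyed by major version.
FIXED = {4: (4, 4, 5), 5: (5, 2, 1)}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(\S*)")
PRERELEASE_RE = re.compile(r"-?(rc|alpha|beta|dev)", re.I)
DISTRO_RE = re.compile(r"[-+~]\d")  # e.g. "-8+etch10": a packaging revision

def is_listed(num):
    # Branches the advisory lists: 5.1.x, 5.2.x and "4.?.?", which is read
    # here as all of 4.x (assumption, the page does not give the branch).
    return num[0] == 4 or num[:2] in ((5, 1), (5, 2))

def classify(version):
    """Return 'fixed', 'update', 'check-backports', 'not-listed' or 'unparsable'."""
    m = VERSION_RE.search(version)
    if not m:
        return "unparsable"
    num = tuple(int(g) for g in m.groups()[:3])  # numeric, so 5.2.10 > 5.2.1
    suffix = m.group(4)
    fixed = FIXED.get(num[0])
    if fixed is None:
        return "not-listed"  # the advisory only covers PHP 4 and PHP 5
    if num > fixed:
        return "fixed"  # assumption: later releases include the fixes
    if num == fixed:
        # A pre-release of the fixed version predates it (conservative assumption).
        return "update" if PRERELEASE_RE.match(suffix) else "fixed"
    if not is_listed(num):
        return "not-listed"
    # Distribution packages may carry backported fixes under an old number.
    return "check-backports" if DISTRO_RE.match(suffix) else "update"

# Constructed inventory: hostnames and version strings are made up.
INVENTORY = {
    "web01": "PHP 5.2.0 (cli)",
    "web02": "5.2.1",
    "web03": "5.2.1RC3",
    "web04": "5.2.0-8+etch10",
    "legacy": "4.4.4",
}

def audit(inventory):
    return {host: classify(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:8} {INVENTORY[host]:18} {status}")
```

A version number alone is not authoritative for distribution packages, so such strings are reported as check-backports and need to be confirmed against the vendor's changelog.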
