CVE - CVE-2007-0906

CVE-ID
CVE-2007-0906	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825).
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:22496 URL:http://www.securityfocus.com/bid/22496 BUGTRAQ:20070227 rPSA-2007-0043-1 php php-mysql php-pgsql URL:http://www.securityfocus.com/archive/1/461462/100/0/threaded BUGTRAQ:20070418 rPSA-2007-0073-1 php php-mysql php-pgsql URL:http://www.securityfocus.com/archive/1/466166/100/0/threaded CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm CONFIRM:http://www.php.net/ChangeLog-5.php#5.2.1 CONFIRM:http://www.php.net/releases/5_2_1.php CONFIRM:https://issues.rpath.com/browse/RPL-1088 CONFIRM:https://issues.rpath.com/browse/RPL-1268 DEBIAN:DSA-1264 URL:http://www.us.debian.org/security/2007/dsa-1264 GENTOO:GLSA-200703-21 URL:http://security.gentoo.org/glsa/glsa-200703-21.xml MANDRIVA:MDKSA-2007:048 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:048~~ (Obsolete source) OPENPKG:OpenPKG-SA-2007.010 URL:http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html OSVDB:32776 URL:~~http://www.osvdb.org/32776~~ (Obsolete source) OSVDB:34706 URL:~~http://osvdb.org/34706~~ (Obsolete source) OSVDB:34707 URL:~~http://osvdb.org/34707~~ (Obsolete source) OSVDB:34708 URL:~~http://osvdb.org/34708~~ (Obsolete source) OSVDB:34709 URL:~~http://osvdb.org/34709~~ (Obsolete source) OSVDB:34710 URL:~~http://osvdb.org/34710~~ (Obsolete source) OSVDB:34711 URL:~~http://osvdb.org/34711~~ (Obsolete source) OSVDB:34712 URL:~~http://osvdb.org/34712~~ (Obsolete source) OSVDB:34713 URL:~~http://osvdb.org/34713~~ (Obsolete source) OSVDB:34714 URL:~~http://osvdb.org/34714~~ (Obsolete source) OSVDB:34715 URL:~~http://osvdb.org/34715~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:8992 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8992 REDHAT:RHSA-2007:0076 URL:http://www.redhat.com/support/errata/RHSA-2007-0076.html REDHAT:RHSA-2007:0081 URL:http://www.redhat.com/support/errata/RHSA-2007-0081.html REDHAT:RHSA-2007:0082 URL:http://www.redhat.com/support/errata/RHSA-2007-0082.html REDHAT:RHSA-2007:0088 URL:http://www.redhat.com/support/errata/RHSA-2007-0088.html REDHAT:RHSA-2007:0089 URL:http://rhn.redhat.com/errata/RHSA-2007-0089.html SECTRACK:1017671 URL:http://www.securitytracker.com/id?1017671 SECUNIA:24089 URL:http://secunia.com/advisories/24089 SECUNIA:24195 URL:http://secunia.com/advisories/24195 SECUNIA:24217 URL:http://secunia.com/advisories/24217 SECUNIA:24236 URL:http://secunia.com/advisories/24236 SECUNIA:24248 URL:http://secunia.com/advisories/24248 SECUNIA:24284 URL:http://secunia.com/advisories/24284 SECUNIA:24295 URL:http://secunia.com/advisories/24295 SECUNIA:24322 URL:http://secunia.com/advisories/24322 SECUNIA:24419 URL:http://secunia.com/advisories/24419 SECUNIA:24421 URL:http://secunia.com/advisories/24421 SECUNIA:24432 URL:http://secunia.com/advisories/24432 SECUNIA:24514 URL:http://secunia.com/advisories/24514 SECUNIA:24606 URL:http://secunia.com/advisories/24606 SECUNIA:24642 URL:http://secunia.com/advisories/24642 SECUNIA:24945 URL:http://secunia.com/advisories/24945 SECUNIA:26048 URL:http://secunia.com/advisories/26048 SGI:20070201-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc SUSE:SUSE-SA:2007:020 URL:http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html SUSE:SUSE-SA:2007:044 URL:http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html TRUSTIX:2007-0009 URL:~~http://www.trustix.org/errata/2007/0009/~~ (Obsolete source - check if archived by the Wayback Machine) UBUNTU:USN-424-1 URL:http://www.ubuntu.com/usn/usn-424-1 UBUNTU:USN-424-2 URL:http://www.ubuntu.com/usn/usn-424-2 VUPEN:ADV-2007-0546 URL:~~http://www.vupen.com/english/advisories/2007/0546~~ (Obsolete source)
Assigning CNA
MITRE Corporation
Date Record Created
20070213	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070213)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)