CVE - CVE-2007-0906

CVE-ID
CVE-2007-0906	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825).
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20070227 rPSA-2007-0043-1 php php-mysql php-pgsql URL:http://www.securityfocus.com/archive/1/461462/100/0/threaded BUGTRAQ:20070418 rPSA-2007-0073-1 php php-mysql php-pgsql URL:http://www.securityfocus.com/archive/1/466166/100/0/threaded CONFIRM:http://www.php.net/ChangeLog-5.php#5.2.1 CONFIRM:http://www.php.net/releases/5_2_1.php CONFIRM:https://issues.rpath.com/browse/RPL-1088 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm CONFIRM:https://issues.rpath.com/browse/RPL-1268 DEBIAN:DSA-1264 URL:http://www.us.debian.org/security/2007/dsa-1264 GENTOO:GLSA-200703-21 URL:http://security.gentoo.org/glsa/glsa-200703-21.xml MANDRIVA:MDKSA-2007:048 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:048 OPENPKG:OpenPKG-SA-2007.010 URL:http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html REDHAT:RHSA-2007:0076 URL:http://www.redhat.com/support/errata/RHSA-2007-0076.html REDHAT:RHSA-2007:0081 URL:http://www.redhat.com/support/errata/RHSA-2007-0081.html REDHAT:RHSA-2007:0089 URL:http://rhn.redhat.com/errata/RHSA-2007-0089.html REDHAT:RHSA-2007:0088 URL:http://www.redhat.com/support/errata/RHSA-2007-0088.html REDHAT:RHSA-2007:0082 URL:http://www.redhat.com/support/errata/RHSA-2007-0082.html SGI:20070201-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc SUSE:SUSE-SA:2007:020 URL:http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html SUSE:SUSE-SA:2007:044 URL:http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html TRUSTIX:2007-0009 URL:http://www.trustix.org/errata/2007/0009/ UBUNTU:USN-424-1 URL:http://www.ubuntu.com/usn/usn-424-1 UBUNTU:USN-424-2 URL:http://www.ubuntu.com/usn/usn-424-2 BID:22496 URL:http://www.securityfocus.com/bid/22496 OVAL:oval:org.mitre.oval:def:8992 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8992 VUPEN:ADV-2007-0546 URL:http://www.vupen.com/english/advisories/2007/0546 OSVDB:32776 URL:http://www.osvdb.org/32776 OSVDB:34706 URL:http://osvdb.org/34706 OSVDB:34707 URL:http://osvdb.org/34707 OSVDB:34708 URL:http://osvdb.org/34708 OSVDB:34709 URL:http://osvdb.org/34709 OSVDB:34710 URL:http://osvdb.org/34710 OSVDB:34711 URL:http://osvdb.org/34711 OSVDB:34712 URL:http://osvdb.org/34712 OSVDB:34713 URL:http://osvdb.org/34713 OSVDB:34714 URL:http://osvdb.org/34714 OSVDB:34715 URL:http://osvdb.org/34715 SECTRACK:1017671 URL:http://www.securitytracker.com/id?1017671 SECUNIA:24089 URL:http://secunia.com/advisories/24089 SECUNIA:24195 URL:http://secunia.com/advisories/24195 SECUNIA:24217 URL:http://secunia.com/advisories/24217 SECUNIA:24248 URL:http://secunia.com/advisories/24248 SECUNIA:24236 URL:http://secunia.com/advisories/24236 SECUNIA:24295 URL:http://secunia.com/advisories/24295 SECUNIA:24322 URL:http://secunia.com/advisories/24322 SECUNIA:24432 URL:http://secunia.com/advisories/24432 SECUNIA:24421 URL:http://secunia.com/advisories/24421 SECUNIA:24514 URL:http://secunia.com/advisories/24514 SECUNIA:24606 URL:http://secunia.com/advisories/24606 SECUNIA:24642 URL:http://secunia.com/advisories/24642 SECUNIA:24945 URL:http://secunia.com/advisories/24945 SECUNIA:24284 URL:http://secunia.com/advisories/24284 SECUNIA:24419 URL:http://secunia.com/advisories/24419 SECUNIA:26048 URL:http://secunia.com/advisories/26048
Assigning CNA
N/A
Date Entry Created
20070213	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070213)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org