FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-0908

This CVE name corresponds to:

Entered	Topic
2007-02-17	php -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-0908 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2007-0908
Phase	Assigned(20070213)

Description

The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.

References

Source	Reference
BUGTRAQ	20070227 rPSA-2007-0043-1 php php-mysql php-pgsql
MISC	http://www.php-security.org/MOPB/MOPB-11-2007.html
CONFIRM	http://www.php.net/ChangeLog-5.php#5.2.1
CONFIRM	http://www.php.net/releases/5_2_1.php
CONFIRM	https://issues.rpath.com/browse/RPL-1088
CONFIRM	http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm
CONFIRM	http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm
DEBIAN	DSA-1264
GENTOO	GLSA-200703-21
MANDRIVA	MDKSA-2007:048
OPENPKG	OpenPKG-SA-2007.010
REDHAT	RHSA-2007:0076
REDHAT	RHSA-2007:0081
REDHAT	RHSA-2007:0089
REDHAT	RHSA-2007:0088
REDHAT	RHSA-2007:0082
SGI	20070201-01-P
SUSE	SUSE-SA:2007:020
TRUSTIX	2007-0009
UBUNTU	USN-424-1
UBUNTU	USN-424-2
BID	22496
BID	22806
OVAL	oval:org.mitre.oval:def:11185
VUPEN	ADV-2007-0546
OSVDB	32766
SECTRACK	1017671
SECUNIA	24089
SECUNIA	24195
SECUNIA	24217
SECUNIA	24248
SECUNIA	24236
SECUNIA	24295
SECUNIA	24322
SECUNIA	24432
SECUNIA	24421
SECUNIA	24514
SECUNIA	24606
SECUNIA	24642
SECUNIA	24284
SECUNIA	24419
SREASON	2321
XF	php-wddx-information-disclosure(32493)