FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-4887

This CVE name corresponds to:

Entered Topic
2007-11-16 php -- multiple security vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2007-4887
Phase: Assigned (20070913)

Description

The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability.

References

Source Reference
BUGTRAQ 20070910 /* PHP <=5.2.4 open_basedir bypass & code exec & denial of service errata ... working on windows too .. */
BUGTRAQ 20070910 PHP <=5.2.4 open_basedir bypass & code exec & denial of service
CONFIRM http://www.php.net/ChangeLog-5.php#5.2.5
CONFIRM http://www.php.net/releases/5_2_5.php
CONFIRM https://issues.rpath.com/browse/RPL-1943
CONFIRM http://docs.info.apple.com/article.html?artnum=307562
CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242
APPLE APPLE-SA-2008-03-18
GENTOO GLSA-200710-02
HP HPSBUX02308
HP SSRT080010
HP HPSBUX02332
HP SSRT080056
BID 26403
OVAL oval:org.mitre.oval:def:5767
VUPEN ADV-2007-3825
VUPEN ADV-2008-0398
VUPEN ADV-2008-0924
SECUNIA 27102
SECUNIA 27659
SECUNIA 28750
SECUNIA 29420
SECUNIA 30040
SREASON 3133