FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php -- multiple vulnerabilities

Affected packages
php5 < 5.2.1_2
php5-imap < 5.2.1_2
php5-odbc < 5.2.1_2
php5-session < 5.2.1_2
php5-shmop < 5.2.1_2
php5-sqlite < 5.2.1_2
php5-wddx < 5.2.1_2
php4 < 4.4.5
php4-odbc < 4.4.5
php4-session < 4.4.5
php4-shmop < 4.4.5
php4-wddx < 4.4.5
4 <= mod_php < 4.4.5
5 <= mod_php < 5.2.1_2
4 <= mod_php4 < 4.4.5
5 <= mod_php4 < 5.2.1_2
4 <= mod_php4-twig < 4.4.5
5 <= mod_php4-twig < 5.2.1_2
4 <= mod_php5 < 4.4.5
5 <= mod_php5 < 5.2.1_2
4 <= php4-cgi < 4.4.5
5 <= php4-cgi < 5.2.1_2
4 <= php4-cli < 4.4.5
5 <= php4-cli < 5.2.1_2
4 <= php4-dtc < 4.4.5
5 <= php4-dtc < 5.2.1_2
4 <= php4-horde < 4.4.5
5 <= php4-horde < 5.2.1_2
4 <= php4-nms < 4.4.5
5 <= php4-nms < 5.2.1_2
4 <= php5-cgi < 4.4.5
5 <= php5-cgi < 5.2.1_2
4 <= php5-cli < 4.4.5
5 <= php5-cli < 5.2.1_2
4 <= php5-dtc < 4.4.5
5 <= php5-dtc < 5.2.1_2
4 <= php5-horde < 4.4.5
5 <= php5-horde < 5.2.1_2
4 <= php5-nms < 4.4.5
5 <= php5-nms < 5.2.1_2

Details

VuXML ID 7fcf1727-be71-11db-b2ec-000c6ec775d9
Discovery 2007-02-09
Entry 2007-02-17
Modified 2013-04-01

Multiple vulnerabilities have been found in PHP, including buffer overflows, stack overflows, format string vulnerabilities, and information disclosure vulnerabilities.

The session extension contained safe_mode and open_basedir bypasses, but the FreeBSD Security Officer does not consider these real security vulnerabilities, since safe_mode and open_basedir are insecure by design and should not be relied upon.

References

CVE Name CVE-2007-0905
CVE Name CVE-2007-0906
CVE Name CVE-2007-0907
CVE Name CVE-2007-0908
CVE Name CVE-2007-0909
CVE Name CVE-2007-0910
CVE Name CVE-2007-0988
URL http://secunia.com/advisories/24089/
URL http://www.php.net/releases/4_4_5.php
URL http://www.php.net/releases/5_2_1.php