SB2007052601 - Gentoo update for PHP

Main Vulnerability Database SB2007052601

SB2007052601 - Gentoo update for PHP

Published: May 26, 2007 Updated: June 28, 2025

Security Bulletin ID SB2007052601

Severity

Medium

Patch available

YES

Number of vulnerabilities 17

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 17 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2007-1001)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values.

2) Input validation error (CVE-ID: CVE-2007-1375)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.

3) Buffer overflow (CVE-ID: CVE-2007-2510)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters.

4) Input validation error (CVE-ID: CVE-2007-2511)

The vulnerability allows a local user to execute arbitrary code.

Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors.

5) Buffer overflow (CVE-ID: CVE-2007-1864)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.

6) Input validation error (CVE-ID: CVE-2007-1484)

The vulnerability allows a local user to read and manipulate data.

The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after array_user_key_compare has been called.

7) Input validation error (CVE-ID: CVE-2007-1521)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation.

8) Uncontrolled Recursion (CVE-ID: CVE-2007-1285)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.

9) Input validation error (CVE-ID: CVE-2007-1286)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.

10) Input validation error (CVE-ID: CVE-2007-1583)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation.

11) Input validation error (CVE-ID: CVE-2007-1700)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable.

12) Deserialization of Untrusted Data (CVE-ID: CVE-2007-1701)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:". Successful exploitation requires that variable "register_globals" is enabled.

13) Input validation error (CVE-ID: CVE-2007-1711)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701 (MOPB-31-2007).

14) Input validation error (CVE-ID: CVE-2007-1717)

The vulnerability allows a remote non-authenticated attacker to corrupt data.

The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases when the trailing contents of e-mail messages are important, such as logging information or if the message is expected to be well-formed.

15) Input validation error (CVE-ID: CVE-2007-1718)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a " " sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.

16) Input validation error (CVE-ID: CVE-2007-1900)

The vulnerability allows a remote non-authenticated attacker to corrupt data.

CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a ' ' character, which causes a regular expression to ignore the subsequent part of the address string.

17) Input validation error (CVE-ID: CVE-2007-2509)

The vulnerability allows a remote non-authenticated attacker to corrupt data.

CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.

Remediation

Install update from vendor's website.

References

https://security.gentoo.org/glsa/200705-19