PT-2007-2347 · Php+2 · Php+21

Published

2007-02-13

Updated

2018-10-30

CVE-2007-0906

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str replace, (7) mail, (8) ibase delete user, (9) ibase add user, and (10) ibase modify user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap mail compose function (CVE-2007-1825).

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2007-0906

DSA-1264-1

RHSA-2007:0076

RHSA-2007:0081

RHSA-2007:0082

RHSA-2007:0088

RHSA-2007:0089

RHSA-2007_0076

RHSA-2007_0082

Affected Products

Php

Php-Bcmath

Php-Cli

Php-Common

Php-Dba

Php-Devel

Php-Domxml

Gtd-Php

Php-Imap

Php-Ldap

Php-Mbstring

Mysqli.Php

Php-Ncurses

Php-Odbc

Php-Pdo

Php Pear

Php-Pgsql

Php-Snmp

Php-Soap

Php-Xml

Phpxmlrpc

Secure Linux

PT-2007-2347 · Php+2 · Php+21

CVE-2007-0906

Weakness Enumeration

Related Identifiers

Affected Products

References · 73