
Test ID: 1.3.6.1.4.1.25623.1.0.100593
Category: Web application abuses
Title: PHP 4.x < 4.4.5, 5.x < 5.2.1 Multiple Buffer Overflow Vulnerabilities
Summary: PHP is prone to multiple buffer overflow vulnerabilities in the sqlite_decode_binary function.
Description:
Summary:
PHP is prone to multiple buffer overflow vulnerabilities in
the sqlite_decode_binary function.

Vulnerability Impact:
An attacker can exploit this issue to execute arbitrary machine
code in the context of the affected webserver. Failed exploit attempts will likely crash the
webserver, denying service to legitimate users.

Affected Software/OS:
PHP versions 4.x prior to 4.4.5 and 5.x prior to 5.2.1.

Solution:
Update to version 4.4.5, 5.2.1 or later.

Note: The reporter of this issue indicates that if you are using a shared copy of an external
SQLite library, you will remain vulnerable to this issue, even after upgrading to non-vulnerable
versions.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2007-1887
BugTraq ID: 23235
http://www.securityfocus.com/bid/23235
Debian Security Information: DSA-1283
http://www.debian.org/security/2007/dsa-1283
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
HP Security Advisory: HPSBUX02262
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
HP Security Advisory: SSRT071447
http://www.mandriva.com/security/advisories?name=MDKSA-2007:088
http://www.mandriva.com/security/advisories?name=MDKSA-2007:089
http://www.php-security.org/MOPB/MOPB-41-2007.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5348
http://secunia.com/advisories/24909
http://secunia.com/advisories/25057
http://secunia.com/advisories/25062
http://secunia.com/advisories/27037
http://secunia.com/advisories/27102
http://secunia.com/advisories/27110
http://www.ubuntu.com/usn/usn-455-1
http://www.vupen.com/english/advisories/2007/2016
http://www.vupen.com/english/advisories/2007/3386
XForce ISS Database: php-sqlitedecodebinary-bo(33766)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33766
Common Vulnerability Exposure (CVE) ID: CVE-2007-1888
http://www.mandriva.com/security/advisories?name=MDKSA-2007:091
http://www.sqlite.org/cvstrac/rlog?f=sqlite/src/encode.c
http://osvdb.org/39177
http://www.attrition.org/pipermail/vim/2007-April/001540.html
XForce ISS Database: sqlite-sqlitedecodebinary-bo(38518)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38518
Copyright: Copyright (C) 2010 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.