CVE-2007-0988 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-0988
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-0988

Description: The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/32709 UBUNTU http://www.ubuntu.com/usn/usn-424-2 http://www.ubuntu.com/usn/usn-424-1 TRUSTIX http://www.trustix.org/errata/2007/0009/ SUSE http://www.novell.com/linux/security/advisories/2007_32_php.html ST 1017671 SREASON http://securityreason.com/securityalert/2315 SGI SAID Secunia Advisory: SA25850 Secunia Advisory: SA24419 Secunia Advisory: SA24284 Secunia Advisory: SA25423 Secunia Advisory: SA25056 Secunia Advisory: SA24642 Secunia Advisory: SA24606 Secunia Advisory: SA24421 Secunia Advisory: SA24432 Secunia Advisory: SA24322 Secunia Advisory: SA24295 Secunia Advisory: SA24248 Secunia Advisory: SA24236 Secunia Advisory: SA24195 Secunia Advisory: SA24217 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0082.html http://www.redhat.com/support/errata/RHSA-2007-0081.html http://rhn.redhat.com/errata/RHSA-2007-0089.html http://www.redhat.com/support/errata/RHSA-2007-0088.html http://www.redhat.com/support/errata/RHSA-2007-0076.html OSVDB 32762 OPENPKG http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html MISC http://www.php-security.org/MOPB/MOPB-05-2007.html http://www.php.net/releases/5_2_1.php http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228858 MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:048 HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137 GENTOO http://security.gentoo.org/glsa/glsa-200703-21.xml DEBIAN http://www.us.debian.org/security/2007/dsa-1264 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/461462/100/0/threaded

Return to the previous page.