CVE-2007-0906 - CVE Reference - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

CVE Reference: CVE-2007-0906

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-0906

Description: Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825).

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-424-2 http://www.ubuntu.com/usn/usn-424-1 TRUSTIX http://www.trustix.org/errata/2007/0009/ SUSE http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html ST 1017671 SGI SAID Secunia Advisory: SA24322 Secunia Advisory: SA24295 Secunia Advisory: SA24236 Secunia Advisory: SA24248 Secunia Advisory: SA24195 Secunia Advisory: SA24217 Secunia Advisory: SA24089 Secunia Advisory: SA24432 Secunia Advisory: SA24421 Secunia Advisory: SA24514 Secunia Advisory: SA24606 Secunia Advisory: SA24642 Secunia Advisory: SA24945 Secunia Advisory: SA24284 Secunia Advisory: SA24419 Secunia Advisory: SA26048 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0088.html http://www.redhat.com/support/errata/RHSA-2007-0082.html http://www.redhat.com/support/errata/RHSA-2007-0076.html http://www.redhat.com/support/errata/RHSA-2007-0081.html http://rhn.redhat.com/errata/RHSA-2007-0089.html OSVDB 32776 OPENPKG http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:048 GENTOO http://security.gentoo.org/glsa/glsa-200703-21.xml DEBIAN http://www.us.debian.org/security/2007/dsa-1264 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm http://www.php.net/ChangeLog-5.php#5.2.1 http://www.php.net/releases/5_2_1.php BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/466166/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/461462/100/0/threaded BID 22496

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Opera Multiple Vulnerabilities

2.	Anzio Web Print Object (WePO) ActiveX Component "mainurl" Buffer Overflow

3.	vBulletin Private Message Subject Script Insertion

4.	Folder Lock Weak Password Encryption Security Issue

5.	neon "parse_domain() " Denial of Service Vulnerability

6.	SunShop Shopping Cart class.ajax.php SQL Injection Vulnerabilities

7.	Short Url & Url Tracker Script "id" SQL Injection Vulnerability

8.	PHP Live Helper Multiple Vulnerabilities

9.	URL Rotator Script "id" SQL Injection Vulnerability

10.	Programs Rating "id" SQL Injection Vulnerability