CVE-2007-1286 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2007-1286
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-1286

Description: Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/32796 TRUSTIX http://www.trustix.org/errata/2007/0009/ SAID Secunia Advisory: SA24945 Secunia Advisory: SA24941 Secunia Advisory: SA24924 Secunia Advisory: SA24910 Secunia Advisory: SA24606 Secunia Advisory: SA25025 Secunia Advisory: SA25062 Secunia Advisory: SA25445 Secunia Advisory: SA25423 Secunia Advisory: SA24419 Secunia Advisory: SA25850 REDHAT http://rhn.redhat.com/errata/RHSA-2007-0163.html http://rhn.redhat.com/errata/RHSA-2007-0155.html http://rhn.redhat.com/errata/RHSA-2007-0154.html OSVDB 32771 MISC http://www.php-security.org/MOPB/MOPB-04-2007.html MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:087 http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:088 HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137 GENTOO http://security.gentoo.org/glsa/glsa-200705-19.xml http://security.gentoo.org/glsa/glsa-200703-21.xml DEBIAN http://www.debian.org/security/2007/dsa-1282 http://www.debian.org/security/2007/dsa-1283 CONFIRM BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/466166/100/0/threaded BID 22765

Return to the previous page.