CVE-2007-1583 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2007-1583
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-1583

Description: The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-455-1 SUSE http://www.novell.com/linux/security/advisories/2007_32_php.html SAID Secunia Advisory: SA24924 Secunia Advisory: SA24965 Secunia Advisory: SA24945 Secunia Advisory: SA25062 Secunia Advisory: SA25057 Secunia Advisory: SA24909 Secunia Advisory: SA25056 Secunia Advisory: SA25445 Secunia Advisory: SA26235 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0162.html http://www.redhat.com/support/errata/RHSA-2007-0153.html http://rhn.redhat.com/errata/RHSA-2007-0155.html MISC http://www.php-security.org/MOPB/MOPB-26-2007.html MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:088 http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:090 http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:089 GENTOO http://security.gentoo.org/glsa/glsa-200705-19.xml DEBIAN http://www.debian.org/security/2007/dsa-1283 CONFIRM http://us2.php.net/releases/4_4_7.php http://us2.php.net/releases/5_2_2.php http://docs.info.apple.com/article.html?artnum=306172 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/466166/100/0/threaded BID 23016 25159 APPLE http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

Return to the previous page.