36083 : PHP chunk_split Function Multiple Argument Overflows
Printer | http://osvdb.org/36083 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
6	729	almost 6 years ago	over 3 years ago	4 times	35%

This Entry needs help! It is only 35% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Timeline

Disclosure Date
2007-06-01

Description

<em style='font-weight:bold;'>(Description Provided by <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2872" target="_blank">CVE</a>)</em> : Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.

Classification

Attack Type: Input Manipulation
Impact: Loss of Integrity
Disclosure: Vendor Verified

Solution

Upgrade to version 4.4.8, 5.2.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Unknown or Incomplete

References

Security Tracker: 1018186
CVE ID: 2007-2872 (see also: NVD)
Bugtraq ID: 24261
Secunia Advisory ID: 25456 26048 26231 26748 26802 26838 26871 26895 26930 26967 27037 27102 27351 27377 27545 27864 28658 28750 30040
SCIP VulDB ID: 3533
Related OSVDB ID: 36084
VUPEN Advisory: ADV-2007-2061 ADV-2007-3386
Other Advisory URL: HPSBUX02262 SSRT071447: HPSBUX02308 SSRT080010: HPSBUX02332 SSRT080056: http://blog.php-security.org/archives/86-Chunk_split-Overflow-not-fixed-at-all....html
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
http://lists.rpath.com/pipermail/security-announce/2007-October/000269.html
http://lists.rpath.com/pipermail/security-announce/2007-September/000244.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.399824
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863
http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:187
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.020.html
http://www.sec-consult.com/291.html
http://www.trustix.org/errata/2007/0023/
http://www.ubuntu.com/usn/usn-549-1
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00321.html
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0005.html
http://archives.neohapsis.com/archives/bugtraq/2007-10/0102.html
http://archives.neohapsis.com/archives/bugtraq/2008-02/0018.html
http://archives.neohapsis.com/archives/bugtraq/2008-05/0079.html
Vendor URL: http://www.php.net/
Vendor Specific News/Changelog Entry: http://www.php.net/releases/5_2_3.php
RedHat RHSA: RHSA-2007:0888 RHSA-2007:0889 RHSA-2007:0890

Tools & Filters

	25368 25373 25971 26038 26107 26110 26115 26191 26942 27391 27392 27564 28372 29213 29552 30092
	4074 4202

Credit

Unknown or Incomplete

CVSSv2 Score

CVSSv2 Base Score = 6.8
Source: nvd.nist.gov | Generated: 2007-06-05 | Disagree?

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.