Info

Disclosure

Aug 30, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Classification

Attack Type: Input Manipulation

Solution

Upgrade to version 4.4.8, 5.2.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Unknown or Incomplete

References

FrSIRT Advisory: ADV-2007-3023
Vendor Specific News/Changelog Entry: http://www.php.net/ChangeLog-5.php#5.2.4
http://www.php.net/releases/5_2_4.php
Related OSVDB ID: 36858 36859 36861 36863 36864 36865 36866 36867 36869 36870
Other Advisory URL: http://lists.debian.org/debian-security-announce/2008/msg00156.html
http://lists.rpath.com/pipermail/security-announce/2007-October/000269.html
http://lists.rpath.com/pipermail/security-announce/2007-September/000244.html
http://secweb.se/en/advisories/php-strcspn-information-leak-vulnerability/
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware- ......
http://www.debian.org/security/2008/dsa-1444
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
http://www.ubuntu.com/usn/usn-549-1
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00321.h ......
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.h ......
ISS X-Force ID: 36388
Secunia Advisory ID: 26642 26748 26802 26838 27102 27110 27377 27864 28249 30288
CVE ID: 2007-4657 (see also: NVD)
Vendor URL: http://www.php.net/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218