[Secure-testing-commits] r5937 - data/DTSA/advs

Sat May 26 11:13:36 UTC 2007

Author: stef-guest
Date: 2007-05-26 11:13:36 +0000 (Sat, 26 May 2007)
New Revision: 5937

Added:
   data/DTSA/advs/41-php5.adv
Log:
really add php5 adv

Added: data/DTSA/advs/41-php5.adv
===================================================================

--- data/DTSA/advs/41-php5.adv	                        (rev 0)
+++ data/DTSA/advs/41-php5.adv	2007-05-26 11:13:36 UTC (rev 5937)
@@ -0,0 +1,97 @@
+source: php5
+date: May 26th, 2007
+author: Stefan Fritsch
+vuln-type: several vulnerabilities
+problem-scope: remote
+debian-specifc: no
+cve: CVE-2007-1286 CVE-2007-1375 CVE-2007-1376 CVE-2007-1380 CVE-2007-1453 CVE-2007-1454 CVE-2007-1521 CVE-2007-1583 CVE-2007-1700 CVE-2007-1718 CVE-2007-1777 CVE-2007-1824 CVE-2007-1887 CVE-2007-1889 CVE-2007-1900 CVE-2007-2509 CVE-2007-2510 CVE-2007-2511
+vendor-advisory: 
+testing-fix: 5.2.0-10+lenny1
+sid-fix: 5.2.2-1
+upgrade: apt-get upgrade
+
+Several remote vulnerabilities have been discovered in PHP, a
+server-side, HTML-embedded scripting language, which may lead to the
+execution of arbitrary code. The Common Vulnerabilities and Exposures
+project identifies the following problems:
+
+CVE-2007-1286
+    Stefan Esser discovered an overflow in the object reference handling
+    code of the unserialize() function, which allows the execution of
+    arbitrary code if malformed input is passed from an application.
+
+CVE-2007-1375
+    Stefan Esser discovered that an integer overflow in the substr_compare()
+    function allows information disclosure of heap memory.
+
+CVE-2007-1376
+    Stefan Esser discovered that insufficient validation of shared memory
+    functions allows the disclosure of heap memory.
+
+CVE-2007-1380
+    Stefan Esser discovered that the session handler performs
+    insufficient validation of variable name length values, which allows
+    information disclosure through a heap information leak.
+
+CVE-2007-1453
+    Stefan Esser discovered that the filtering framework performs insufficient
+    input validation, which allows the execution of arbitrary code through a
+    buffer underflow.
+
+CVE-2007-1454
+    Stefan Esser discovered that the filtering framework can be bypassed 
+    with a special whitespace character.
+
+CVE-2007-1521
+    Stefan Esser discovered a double free vulnerability in the
+    session_regenerate_id() function, which allows the execution of
+    arbitrary code. 
+
+CVE-2007-1583
+    Stefan Esser discovered that a programming error in the mb_parse_str()
+    function allows the activation of "register_globals".
+
+CVE-2007-1700
+    Stefan Esser discovered that the session extension incorrectly maintains
+    the reference count of session variables, which allows the execution of
+    arbitrary code.
+
+CVE-2007-1718
+    Stefan Esser discovered that the mail() function performs
+    insufficient validation of folded mail headers, which allows mail
+    header injection.
+
+CVE-2007-1777
+    Stefan Esser discovered that the extension to handle ZIP archives
+    performs insufficient length checks, which allows the execution of
+    arbitrary code.
+
+CVE-2007-1824
+    Stefan Esser discovered an off-by-one in the filtering framework, which
+    allows the execution of arbitrary code.
+
+CVE-2007-1887
+    Stefan Esser discovered that a buffer overflow in the sqlite extension
+    allows the execution of arbitrary code.
+
+CVE-2007-1889
+    Stefan Esser discovered that the PHP memory manager performs an
+    incorrect type cast, which allows the execution of arbitrary code
+    through buffer overflows. 
+
+CVE-2007-1900
+    Stefan Esser discovered that incorrect validation in the email filter
+    extension allowed the injection of mail headers.
+
+CVE-2007-2509
+    It was discovered that missing input sanitising inside the ftp
+    extension permits an attacker to execute arbitrary FTP commands.
+    This requires the attacker to already have access to the FTP
+    server.
+
+CVE-2007-2510
+    It was discovered that a buffer overflow in the SOAP extension permits
+    the execution of arbitrary code.
+
+CVE-2007-2511
+    A buffer overflow was discovered in the user_filter_factory_create.


