Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2007-4782
Last Modified: 21 Aug 2010 01:10:48
Published: 10 Sep 2007 05:17:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-4782

Summary

PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.

Vulnerable Systems

Application

  • PHP 5.2.3


References

  • FEDORA - FEDORA-2008-3864
  • UBUNTU - USN-628-1
  • BUGTRAQ - 20070904 PHP < 5.2.3 fnmatch() denial of service
  • BUGTRAQ - 20070904 PHP < 5.2.3 glob() denial of service
  • BUGTRAQ - 20070905 PHP < 5.2.3 glob() denial of service
  • REDHAT - RHSA-2008:0582
  • REDHAT - RHSA-2008:0545
  • REDHAT - RHSA-2008:0544
  • REDHAT - RHSA-2008:0505
  • MANDRIVA - MDVSA-2009:023
  • MANDRIVA - MDVSA-2009:022
  • SECUNIA - 31200
  • SECUNIA - 31119
  • SECUNIA - 30828
  • OSVDB - 38686
  • XF - php-globfunction-dos(36461)
  • XF - php-fnmatch-dos(36457)
  • GENTOO - GLSA-200710-02
  • SREASON - 3109
  • SECUNIA - 28658
  • SECUNIA - 27102
  • SUSE - SUSE-SA:2008:004

Related Patches

  • Red Hat 2008:0544-06 RHSA Moderate: php security update for RHEL 5 x86


Last Updated: 27 May 2016 10:45:58