Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2007-4887
Last Modified 07 Mar 2011 09:59:21
Published 13 Sep 2007 08:17:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4887

Summary

The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability.

Vulnerable Systems

Application

  • PHP 5.2.4


References

VUPEN - ADV-2008-0924

VUPEN - ADV-2008-0398

VUPEN - ADV-2007-3825

HP - HPSBUX02332

BUGTRAQ - 20070910 /* PHP <=5.2.4 open_basedir bypass & code exec & denial of service errata ... working on windows too .. */

BUGTRAQ - 20070910 PHP <=5.2.4 open_basedir bypass & code exec & denial of service

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242

HP - HPSBUX02308

CONFIRM - https://issues.rpath.com/browse/RPL-1943

BID - 26403

CONFIRM - http://www.php.net/releases/5_2_5.php

CONFIRM - http://www.php.net/ChangeLog-5.php#5.2.5

GENTOO - GLSA-200710-02

SREASON - 3133

SECUNIA - 30040

SECUNIA - 29420

SECUNIA - 28750

SECUNIA - 27659

SECUNIA - 27102

APPLE - APPLE-SA-2008-03-18

HP - SSRT080010

CONFIRM - http://docs.info.apple.com/article.html?artnum=307562

HP - SSRT080056

Related Patches

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Leopard)

Apple 2008-03-26 Security Update 2008-002 v1.1 Server (Leopard) (Rev 2)

Apple 2008-03-26 Security Update 2008-002 v1.1 Client (Leopard) (Rev 2)


Last Updated: 27 May 2016 10:47:26