Debian: Critical PHP Remote Execution Advisory 1283-1 Released

April 29, 2007
Update the PHP packages on Debian to resolve the remotely exploitable vulnerabilities described in DSA 1283-1.
Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code.

Summary


CVE-2007-1375
Stefan Esser discovered that an integer overflow in the substr_compare()
function allows information disclosure of heap memory.

CVE-2007-1376
Stefan Esser discovered that insufficient validation of shared memory
functions allows the disclosure of heap memory.

CVE-2007-1380
Stefan Esser discovered that the session handler performs
insufficient validation of variable name length values, which allows
information disclosure through a heap information leak.

CVE-2007-1453
Stefan Esser discovered that the filtering framework performs insufficient
input validation, which allows the execution of arbitrary code through a
buffer underflow.

CVE-2007-1454
Stefan Esser discovered that the filtering framework can be bypassed
with a special whitespace character.

CVE-2007-1521
Stefan Esser discovered a double free vulnerability in the
session_regenerate_id() function, which allows the execution of
arbitrary code.

CVE-...


Severity
critical
