Info

Disclosure

Feb 09, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

PHP contains a flaw that may all a context-dependent attacker to deny service. The issue occurs on 64-bit platforms when the zend_hash_init function unserializing certain expressions causing 32-bit arguments to be used after the check for a negative value. This may cause the application to enter an infinite loop and require a restart.

Classification

Location: Remote / Network Access, Context Dependent
Attack Type: Denial of Service
Impact: Loss of Availability
Disclosure: Vendor Verified

Solution

Unknown or Incomplete

Products

Unknown or Incomplete

References

CVE ID: 2007-0988 (see also: NVD)
Secunia Advisory ID: 24089 24195 24217 24236 24241 24248 24282 24284 24295 24322 24326 24419 24421 24432 24606 24642 25423 25850 27102
ISS X-Force ID: 32709
Related OSVDB ID: 32763 32764 32766 32767 32768 34706
Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://fedoranews.org/cms/node/2681
http://fedoranews.org/cms/node/2720
http://lists.rpath.com/pipermail/security-announce/2007-February/000154.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.535756
http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm
http://www.gentoo.org/security/en/glsa/glsa-200703-21.xml
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:048
http://www.php-security.org/MOPB/MOPB-05-2007.html
http://www.trustix.org/errata/2007/0009/
http://www.us.debian.org/security/2007/dsa-1264
https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-February/000487.html
Keyword: HPSBMA02215,SSRT071423 HPSBTU02232,SSRT071429 HPSBTU02232,SSRT071429,c01086137
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0363.html
Vendor Specific Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm
http://www8.itrc.hp.com/service/cki/docDisplay.do?docId=c01056506
Vendor URL: http://www.php.net/
Vendor Specific News/Changelog Entry: http://www.php.net/ChangeLog-5.php#5.2.1
http://www.php.net/releases/5_2_1.php
RedHat RHSA: RHSA-2007:0076 RHSA-2007:0081 RHSA-2007:0089

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/32762