Info

Disclosure

Feb 09, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Unknown or Incomplete

Classification

Location: Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Disclosure: Vendor Verified

Solution

Upgrade to version 4.4.5, 5.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Unknown or Incomplete

References

CVE ID: 2007-0909 (see also: NVD)
Bugtraq ID: 22496
Secunia Advisory ID: 24089 24195 24217 24236 24241 24248 24282 24284 24295 24322 24326 24419 24421 24432 24514 24606 24642 27102
Related OSVDB ID: 32762 32763 32765 32766 32767 32768 34706
Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://fedoranews.org/cms/node/2681
http://fedoranews.org/cms/node/2720
http://lists.rpath.com/pipermail/security-announce/2007-February/000154.html
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.535756
http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm
http://www.gentoo.org/security/en/glsa/glsa-200703-21.xml
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:048
http://www.trustix.org/errata/2007/0009/
http://www.us.debian.org/security/2007/dsa-1264
https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-February/000487.html
Vendor Specific Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm
Vendor URL: http://www.php.net/
Vendor Specific News/Changelog Entry: http://www.php.net/ChangeLog-5.php#5.2.1
http://www.php.net/releases/5_2_1.php
RedHat RHSA: RHSA-2007:0076 RHSA-2007:0081 RHSA-2007:0089

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/32764