Info

Disclosure

Mar 07, 2007

Discovery

Unknown

Dates

Exploit

Mar 07, 2007

Solution

Unknown

Description

An information leak vulnerability exists in PHP. An integer overflow which occurs while performing sanity checks on the input parameters to the substr_compare() function makes it possible to compare offsets outside of the allocated buffer. This allows memory access outside the buffer and the retrieval of sensitive information, leading to a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Concern

Solution

Upgrade to version 5.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

The PHP Group	PHP	5.2.1
		5.2.0
		5.1.x
		5.0.x
		5.0 Release Candidate 3
		5.0 Release Candidate 2
		5.0 Beta 4
		5.0 Beta 3
		5.0 Beta 2
		5.0 Beta 1
		5.0 Release Candidate 1

References

CVE ID: 2007-1375 (see also: NVD)
Bugtraq ID: 22851
Secunia Advisory ID: 24606 24606 25057 25062 26895
Milw0rm: 3424
Exploit Database: 3424
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200703-21.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:187
http://www.php-security.org/MOPB/MOPB-14-2007.html
http://www.ubuntu.com/usn/usn-455-1
http://www.us.debian.org/security/2007/dsa-1283
Generic Exploit URL: http://www.php-security.org/MOPB/code/MOPB-14-2007.php
Vendor URL: http://www.php.net/
Vendor Specific News/Changelog Entry: http://www.php.net/ChangeLog-5.php

Credit

Stefan Esser - sesserhardened-php.net - www.hardened-php.net

Direct URL: http://osvdb.org/32780

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

The PHP Group

PHP

References

Credit