Info

Disclosure

Feb 09, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Unknown or Incomplete

Classification

Attack Type: Input Manipulation
Impact: Loss of Integrity
Disclosure: Vendor Verified

Solution

Upgrade to version 4.4.5, 5.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Unknown or Incomplete

References

CVE ID: 2007-0906 (see also: NVD)
Secunia Advisory ID: 24089 24195 24217 24236 24241 24248 24282 24284 24295 24322 24326 24419 24421 24432 24514 24606 24642 24945 26048
Related OSVDB ID: 32762 32763 32764 32766 32767 32768 34706 34707 34708 34709 34710 34711 34712 34713 34715
Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://fedoranews.org/cms/node/2681
http://fedoranews.org/cms/node/2720
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
http://lists.rpath.com/pipermail/security-announce/2007-April/000176.html
http://lists.rpath.com/pipermail/security-announce/2007-February/000154.html
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.535756
http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm
http://www.gentoo.org/security/en/glsa/glsa-200703-21.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:048
http://www.trustix.org/errata/2007/0009/
http://www.us.debian.org/security/2007/dsa-1264
https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-February/000487.html
Vendor Specific Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm
Vendor URL: http://www.php.net/
Vendor Specific News/Changelog Entry: http://www.php.net/ChangeLog-5.php#5.2.1
http://www.php.net/releases/5_2_1.php
RedHat RHSA: RHSA-2007:0076 RHSA-2007:0081 RHSA-2007:0089

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/34714