CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.025 Low
EPSS percentile: 90.0%
CentOS Errata and Security Advisory CESA-2007:0349
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.
A heap buffer overflow flaw was found in the PHP ‘xmlrpc’ extension. A
PHP script which implements an XML-RPC server using this extension could
allow a remote attacker to execute arbitrary code as the ‘apache’ user.
Note that this flaw does not affect PHP applications using the pure-PHP
XML_RPC class provided in /usr/share/pear. (CVE-2007-1864)
A flaw was found in the PHP ‘ftp’ extension. If a PHP script used this
extension to provide access to a private FTP server, and passed untrusted
script input directly to any function provided by this extension, a remote
attacker would be able to send arbitrary FTP commands to the server.
(CVE-2007-2509)
Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.
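To confirm that a host actually carries the updated packages, the check below compares installed versions against the fixed version 4.3.9-3.22.5 that this advisory lists for CentOS 4. It is an added example, not part of the advisory: it follows rpm's segment-wise version ordering (without `~`/`^` handling), assumes no epoch, and runs on a constructed sample of `rpm -qa` output.

```python
import re

FIXED_EVR = "4.3.9-3.22.5"  # fixed version-release from this advisory (CentOS 4)
AFFECTED = {"php", "php-devel", "php-domxml", "php-gd", "php-imap", "php-ldap",
            "php-mbstring", "php-mysql", "php-ncurses", "php-odbc", "php-pear",
            "php-pgsql", "php-snmp", "php-xmlrpc"}  # package list from the advisory

def _segments(s):
    # rpm ignores separators and compares runs of digits or letters
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Return -1, 0 or 1 using rpm-style segment comparison (no ~ or ^ support)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # all shared segments equal: the string with segments left over is newer
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings; epoch is assumed absent."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def needs_update(rpm_qa_lines):
    """Return sorted names of advisory packages installed below the fixed version."""
    stale = []
    for line in rpm_qa_lines:
        name, _, evr = line.strip().partition(" ")
        if name in AFFECTED and evr_cmp(evr, FIXED_EVR) < 0:
            stale.append(name)
    return sorted(stale)

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """php 4.3.9-3.22.4
php-xmlrpc 4.3.9-3.22.5
php-ldap 4.3.9-3.9
php-gd 4.3.9-3.22.5.1
httpd 2.0.52-32.ent
"""

if __name__ == "__main__":
    print(needs_update(SAMPLE.splitlines()))
```

The `php-ldap` row in the sample shows why a plain string comparison is not enough: release 3.9 sorts after 3.22.5 as text but is older under rpm ordering.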
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-May/075901.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075902.html
Affected packages:
php
php-devel
php-domxml
php-gd
php-imap
php-ldap
php-mbstring
php-mysql
php-ncurses
php-odbc
php-pear
php-pgsql
php-snmp
php-xmlrpc
Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0349
OS | OS version | Architecture | Package | Affected version | Filename |
---|---|---|---|---|---|
CentOS | 4 | ia64 | php | < 4.3.9-3.22.5 | php-4.3.9-3.22.5.ia64.rpm |
CentOS | 4 | ia64 | php-devel | < 4.3.9-3.22.5 | php-devel-4.3.9-3.22.5.ia64.rpm |
CentOS | 4 | ia64 | php-domxml | < 4.3.9-3.22.5 | php-domxml-4.3.9-3.22.5.ia64.rpm |
CentOS | 4 | ia64 | php-gd | < 4.3.9-3.22.5 | php-gd-4.3.9-3.22.5.ia64.rpm |
CentOS | 4 | ia64 | php-imap | < 4.3.9-3.22.5 | php-imap-4.3.9-3.22.5.ia64.rpm |
CentOS | 4 | ia64 | php-ldap | < 4.3.9-3.22.5 | php-ldap-4.3.9-3.22.5.ia64.rpm |
CentOS | 4 | ia64 | php-mbstring | < 4.3.9-3.22.5 | php-mbstring-4.3.9-3.22.5.ia64.rpm |
CentOS | 4 | ia64 | php-mysql | < 4.3.9-3.22.5 | php-mysql-4.3.9-3.22.5.ia64.rpm |
CentOS | 4 | ia64 | php-ncurses | < 4.3.9-3.22.5 | php-ncurses-4.3.9-3.22.5.ia64.rpm |
CentOS | 4 | ia64 | php-odbc | < 4.3.9-3.22.5 | php-odbc-4.3.9-3.22.5.ia64.rpm |