UbuntuUSN-462-1PHP vulnerabilities
Releases
- Ubuntu 7.04
- Ubuntu 6.10
- Ubuntu 6.06
Details
A flaw was discovered in the FTP command handler in PHP. Commands were
not correctly filtered for control characters. An attacker could issue
arbitrary FTP commands using specially crafted arguments. (CVE-2007-2509)
Ilia Alshanetsky discovered a buffer overflow in the SOAP request handler
in PHP. Remote attackers could send a specially crafted SOAP request
and execute arbitrary code with web server privileges. (CVE-2007-2510)
Ilia Alshanetsky discovered a buffer overflow in the user filter factory
in PHP. A local attacker could create a specially crafted script and
execute arbitrary code with web server privileges. (CVE-2007-2511)
Gregory Beaver discovered that the PEAR installer did not validate
installation paths. If a user were tricked into installing a malicious
PEAR package, an attacker could overwrite arbitrary files. (CVE-2007-2519)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 7.04 | noarch | php5-cli | <Â 5.2.1-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 7.04 | noarch | php-pear | <Â 5.2.1-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 7.04 | noarch | libapache2-mod-php5 | <Â 5.2.1-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 7.04 | noarch | php5-cgi | <Â 5.2.1-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 7.04 | noarch | php5-xmlrpc | <Â 5.2.1-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 6.10 | noarch | php5-cli | <Â 5.1.6-1ubuntu2.5 | UNKNOWN |
| Ubuntu | 6.10 | noarch | php-pear | <Â 5.1.6-1ubuntu2.5 | UNKNOWN |
| Ubuntu | 6.10 | noarch | libapache2-mod-php5 | <Â 5.1.6-1ubuntu2.5 | UNKNOWN |
| Ubuntu | 6.10 | noarch | php5-cgi | <Â 5.1.6-1ubuntu2.5 | UNKNOWN |
| Ubuntu | 6.10 | noarch | php5-xmlrpc | <Â 5.1.6-1ubuntu2.5 | UNKNOWN |
Related
