osv Google OSV:DSA-1295-1
History: May 19, 2007 - 12:00 a.m.

php5

2007-05-19 00:00:00
Google
osv.dev

CVSS2: 5.1 Medium

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

Several remote vulnerabilities have been discovered in PHP, a
server-side, HTML-embedded scripting language, which may lead to the
execution of arbitrary code. The Common Vulnerabilities and Exposures
project identifies the following problems:

  • CVE-2007-2509
    It was discovered that missing input sanitising inside the ftp
    extension permits an attacker to execute arbitrary FTP commands.
    This requires the attacker to already have access to the FTP
    server.
  • CVE-2007-2510
    It was discovered that a buffer overflow in the SOAP extension permits
    the execution of arbitrary code.

The oldstable distribution (sarge) doesn’t include php5.

For the stable distribution (etch) these problems have been fixed
in version 5.2.0-8+etch4.

For the unstable distribution (sid) these problems have been fixed in
version 5.2.2-1.

We recommend that you upgrade your PHP packages. Packages for the Sparc
architectures are not yet available, due to problems on the build host. They
will be provided later.

CPE Name   Operator   Version
php5       eq         5.2.0-8+etch3
php5       eq         5.2.0-8+etch1
