php5 - several vulnerabilities

2008-05-1100:00:00

Google

osv.dev

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.022 Low

EPSS

Percentile

87.9%

JSON

Several vulnerabilities have been discovered in PHP, a server-side,
HTML-embedded scripting language. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2007-3806
The glob function allows context-dependent attackers to cause
a denial of service and possibly execute arbitrary code via
an invalid value of the flags parameter.
CVE-2008-1384
Integer overflow allows context-dependent attackers to cause
a denial of service and possibly have other impact via a
printf format parameter with a large width specifier.
CVE-2008-2050
Stack-based buffer overflow in the FastCGI SAPI.
CVE-2008-2051
The escapeshellcmd API function could be attacked via
incomplete multibyte chars.

For the stable distribution (etch), these problems have been fixed in
version 5.2.0-8+etch11.

For the unstable distribution (sid), these problems have been fixed in
version 5.2.6-1.

We recommend that you upgrade your php5 package.

CPENameOperatorVersion
php5eq5.2.0-8+etch1
php5eq5.2.0-8+etch10
php5eq5.2.0-8+etch11~p1
php5eq5.2.0-8+etch3
php5eq5.2.0-8+etch4
php5eq5.2.0-8+etch5~pu1
php5eq5.2.0-8+etch6
php5eq5.2.0-8+etch7
php5eq5.2.0-8+etch8
php5eq5.2.0-8+etch9

Name	Operator	Version
php5	eq	5.2.0-8+etch1
php5	eq	5.2.0-8+etch10
php5	eq	5.2.0-8+etch11~p1
php5	eq	5.2.0-8+etch3
php5	eq	5.2.0-8+etch4
php5	eq	5.2.0-8+etch5~pu1
php5	eq	5.2.0-8+etch6
php5	eq	5.2.0-8+etch7
php5	eq	5.2.0-8+etch8
php5	eq	5.2.0-8+etch9