PHP user_filter_factory_create() Function Overflow

2007-05-03T22:07:30
ID OSVDB:34676
Type osvdb
Reporter OSVDB
Modified 2007-05-03T22:07:30

Description

Vulnerability Description

PHP contains a flaw that may allow local attackers to escalate privileges. The issue is due to the user_filter_factory_create() function not properly sanitizing user input. No further details have been provided.

Solution Description

Upgrade to version 5.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.php.net/
Vendor Specific News/Changelog Entry: http://us2.php.net/releases/5_2_2.php
Vendor Specific News/Changelog Entry: http://viewcvs.php.net/viewvc.cgi/php-src/ext/standard/user_filters.c?r1=1.31.2.4.2.5&r2=1.31.2.4.2.6
Secunia Advisory ID:25372
Secunia Advisory ID:25445
Secunia Advisory ID:26048
Secunia Advisory ID:25255
Other Advisory URL: http://www.ubuntu.com/usn/usn-462-1
Other Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200705-19.xml
Other Advisory URL: http://www.trustix.org/errata/2007/0017/
CVE-2007-2511