PHP chunk_split Function Multiple Argument Overflows

2007-06-01T14:33:43
ID OSVDB:36083
Type osvdb
Reporter OSVDB
Modified 2007-06-01T14:33:43

Description

Solution Description

Upgrade to version 5.2.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.php.net/
Vendor Specific News/Changelog Entry: http://www.php.net/releases/5_2_3.php
Security Tracker: 1018186
Secunia Advisory ID: 26748
Secunia Advisory ID: 26231
Secunia Advisory ID: 27037
Secunia Advisory ID: 27102
Secunia Advisory ID: 26802
Secunia Advisory ID: 26895
Secunia Advisory ID: 26967
Secunia Advisory ID: 25456
Secunia Advisory ID: 26048
Secunia Advisory ID: 26871
Secunia Advisory ID: 26930
Secunia Advisory ID: 27351
Secunia Advisory ID: 26838
Secunia Advisory ID: 27377
Secunia Advisory ID: 27545
Secunia Advisory ID: 27864
Related OSVDB ID: 36084
RedHat RHSA: RHSA-2007:0890
RedHat RHSA: RHSA-2007:0888
RedHat RHSA: RHSA-2007:0889
Other Advisory URL: http://blog.php-security.org/archives/86-Chunk_split-Overflow-not-fixed-at-all....html
Other Advisory URL: HPSBUX02262 SSRT071447
Other Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
Other Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00321.html
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
Other Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-October/000269.html
Other Advisory URL: http://www.sec-consult.com/291.html
Other Advisory URL: http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.020.html
Other Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:187
Other Advisory URL: http://www.trustix.org/errata/2007/0023/
Other Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863
Other Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.399824
Other Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html
Other Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-September/000244.html
Other Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm
Other Advisory URL: http://www.ubuntu.com/usn/usn-549-1
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0005.html
FrSIRT Advisory: ADV-2007-2061
FrSIRT Advisory: ADV-2007-3386
CVE-2007-2872
Bugtraq ID: 24261