Lucene search

PRIOn knowledge basePRION:CVE-2007-2844

HistoryMay 24, 2007 - 6:30 p.m.

Race condition

2007-05-2418:30:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.028 Low

EPSS

Percentile

90.4%

JSON

PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access.

CPENameOperatorVersion
phpeq4.3.9
phpeq4.0 beta1
phpeq5.1.5
phpeq5.1.2
phpeq4.0 beta4
phpeq4.2.0
phpeq5.1.1
phpeq4.4.4
phpeq5.0.0 beta1
phpeq4.1.0

Name	Operator	Version
php	eq	4.3.9
php	eq	4.0 beta1
php	eq	5.1.5
php	eq	5.1.2
php	eq	4.0 beta4
php	eq	4.2.0
php	eq	5.1.1
php	eq	4.4.4
php	eq	5.0.0 beta1
php	eq	4.1.0

Rows per page:

1-10 of 731

References

blog.php-security.org/archives/82-Suhosin-0.9.20-and-crypt-Thread-Safety-Vulnerability.html

osvdb.org/36088

secunia.com/advisories/25434

www.securityfocus.com/bid/24109

exchange.xforce.ibmcloud.com/vulnerabilities/34601

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.028 Low

EPSS

Percentile

90.4%

JSON

Related for PRION:CVE-2007-2844