// For flags

CVE-2007-0906

Debian Linux Security Advisory 1264-1

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825).

Los múltiples desbordamientos de búfer en PHP versión anterior a 5.2.1 permiten a los atacantes causar una denegación de servicio y posiblemente ejecutar código arbitrario por medio de vectores no específicos en las extensiones (1) session, (2) zip, (3) imap y (4) sqlite; (5) filtros de flujo; y las funciones (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user y (10) ibase_modify_user. NOTA: el vector 6 podría ser en realidad un desbordamiento de entero (CVE-2007-1885). NOTA: a partir de 20070411, el vector (3) puede involucrar la función imap_mail_compose (CVE-2007-1825).

Multiple buffer overflows have been discovered in various PHP modules. If a PHP application processes untrusted data with functions of the session or zip module, or various string functions, a remote attacker could exploit this to execute arbitrary code with the privileges of the web server. The sapi_header_op() function had a buffer underflow that could be exploited to crash the PHP interpreter. The wddx unserialization handler did not correctly check for some buffer boundaries and had an uninitialized variable. By unserializing untrusted data, this could be exploited to expose memory regions that were not meant to be accessible. Depending on the PHP application this could lead to disclosure of potentially sensitive information. On 64 bit systems (the amd64 and sparc platforms), various print functions and the odbc_result_all() were susceptible to a format string vulnerability. A remote attacker could exploit this to execute arbitrary code with the privileges of the web server. Under certain circumstances it was possible to overwrite superglobal variables (like the HTTP GET/POST arrays) with crafted session data. When unserializing untrusted data on 64-bit platforms the zend_hash_init() function could be forced to enter an infinite loop, consuming CPU resources, for a limited length of time, until the script timeout alarm aborts the script.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-02-13 CVE Reserved
  • 2007-02-13 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-06-21 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (56)
URL Tag Source
http://osvdb.org/34706 Vdb Entry
http://osvdb.org/34707 Vdb Entry
http://osvdb.org/34708 Vdb Entry
http://osvdb.org/34709 Vdb Entry
http://osvdb.org/34710 Vdb Entry
http://osvdb.org/34711 Vdb Entry
http://osvdb.org/34712 Vdb Entry
http://osvdb.org/34713 Vdb Entry
http://osvdb.org/34714 Vdb Entry
http://osvdb.org/34715 Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm X_refsource_confirm
http://www.osvdb.org/32776 Vdb Entry
http://www.php.net/ChangeLog-5.php#5.2.1 X_refsource_confirm
http://www.php.net/releases/5_2_1.php X_refsource_confirm
http://www.securityfocus.com/archive/1/461462/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/466166/100/0/threaded Mailing List
http://www.securitytracker.com/id?1017671 Vdb Entry
http://www.vupen.com/english/advisories/2007/0546 Vdb Entry
https://issues.rpath.com/browse/RPL-1088 X_refsource_confirm
https://issues.rpath.com/browse/RPL-1268 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8992 Signature
URL Date SRC
URL Date SRC
http://www.securityfocus.com/bid/22496 2018-10-30
URL Date SRC
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc 2018-10-30
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html 2018-10-30
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html 2018-10-30
http://rhn.redhat.com/errata/RHSA-2007-0089.html 2018-10-30
http://secunia.com/advisories/24089 2018-10-30
http://secunia.com/advisories/24195 2018-10-30
http://secunia.com/advisories/24217 2018-10-30
http://secunia.com/advisories/24236 2018-10-30
http://secunia.com/advisories/24248 2018-10-30
http://secunia.com/advisories/24284 2018-10-30
http://secunia.com/advisories/24295 2018-10-30
http://secunia.com/advisories/24322 2018-10-30
http://secunia.com/advisories/24419 2018-10-30
http://secunia.com/advisories/24421 2018-10-30
http://secunia.com/advisories/24432 2018-10-30
http://secunia.com/advisories/24514 2018-10-30
http://secunia.com/advisories/24606 2018-10-30
http://secunia.com/advisories/24642 2018-10-30
http://secunia.com/advisories/24945 2018-10-30
http://secunia.com/advisories/26048 2018-10-30
http://security.gentoo.org/glsa/glsa-200703-21.xml 2018-10-30
http://www.mandriva.com/security/advisories?name=MDKSA-2007:048 2018-10-30
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html 2018-10-30
http://www.redhat.com/support/errata/RHSA-2007-0076.html 2018-10-30
http://www.redhat.com/support/errata/RHSA-2007-0081.html 2018-10-30
http://www.redhat.com/support/errata/RHSA-2007-0082.html 2018-10-30
http://www.redhat.com/support/errata/RHSA-2007-0088.html 2018-10-30
http://www.trustix.org/errata/2007/0009 2018-10-30
http://www.ubuntu.com/usn/usn-424-1 2018-10-30
http://www.ubuntu.com/usn/usn-424-2 2018-10-30
http://www.us.debian.org/security/2007/dsa-1264 2018-10-30
https://access.redhat.com/security/cve/CVE-2007-0906 2007-02-26
https://bugzilla.redhat.com/show_bug.cgi?id=1618280 2007-02-26
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0
Search vendor "Php" for product "Php" and version "3.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.1
Search vendor "Php" for product "Php" and version "3.0.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.2
Search vendor "Php" for product "Php" and version "3.0.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.3
Search vendor "Php" for product "Php" and version "3.0.3"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.4
Search vendor "Php" for product "Php" and version "3.0.4"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.5
Search vendor "Php" for product "Php" and version "3.0.5"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.6
Search vendor "Php" for product "Php" and version "3.0.6"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.7
Search vendor "Php" for product "Php" and version "3.0.7"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.8
Search vendor "Php" for product "Php" and version "3.0.8"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.9
Search vendor "Php" for product "Php" and version "3.0.9"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.10
Search vendor "Php" for product "Php" and version "3.0.10"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.11
Search vendor "Php" for product "Php" and version "3.0.11"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.12
Search vendor "Php" for product "Php" and version "3.0.12"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.13
Search vendor "Php" for product "Php" and version "3.0.13"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.14
Search vendor "Php" for product "Php" and version "3.0.14"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.15
Search vendor "Php" for product "Php" and version "3.0.15"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.16
Search vendor "Php" for product "Php" and version "3.0.16"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.17
Search vendor "Php" for product "Php" and version "3.0.17"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.18
Search vendor "Php" for product "Php" and version "3.0.18"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0
Search vendor "Php" for product "Php" and version "4.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.1
Search vendor "Php" for product "Php" and version "4.0.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.1
Search vendor "Php" for product "Php" and version "4.0.1"
patch1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.1
Search vendor "Php" for product "Php" and version "4.0.1"
patch2
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.2
Search vendor "Php" for product "Php" and version "4.0.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.3
Search vendor "Php" for product "Php" and version "4.0.3"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.3
Search vendor "Php" for product "Php" and version "4.0.3"
patch1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.4
Search vendor "Php" for product "Php" and version "4.0.4"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.5
Search vendor "Php" for product "Php" and version "4.0.5"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.6
Search vendor "Php" for product "Php" and version "4.0.6"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.7
Search vendor "Php" for product "Php" and version "4.0.7"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.7
Search vendor "Php" for product "Php" and version "4.0.7"
rc1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.7
Search vendor "Php" for product "Php" and version "4.0.7"
rc2
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.7
Search vendor "Php" for product "Php" and version "4.0.7"
rc3
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.1.0
Search vendor "Php" for product "Php" and version "4.1.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.1.1
Search vendor "Php" for product "Php" and version "4.1.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.1.2
Search vendor "Php" for product "Php" and version "4.1.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.2
Search vendor "Php" for product "Php" and version "4.2"
dev
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.2.0
Search vendor "Php" for product "Php" and version "4.2.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.2.1
Search vendor "Php" for product "Php" and version "4.2.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.2.2
Search vendor "Php" for product "Php" and version "4.2.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.2.3
Search vendor "Php" for product "Php" and version "4.2.3"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.3.0
Search vendor "Php" for product "Php" and version "4.3.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.3.1
Search vendor "Php" for product "Php" and version "4.3.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.3.2
Search vendor "Php" for product "Php" and version "4.3.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.3.3
Search vendor "Php" for product "Php" and version "4.3.3"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.3.4
Search vendor "Php" for product "Php" and version "4.3.4"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.3.5
Search vendor "Php" for product "Php" and version "4.3.5"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.3.6
Search vendor "Php" for product "Php" and version "4.3.6"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.3.7
Search vendor "Php" for product "Php" and version "4.3.7"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.3.8
Search vendor "Php" for product "Php" and version "4.3.8"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.3.9
Search vendor "Php" for product "Php" and version "4.3.9"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.3.10
Search vendor "Php" for product "Php" and version "4.3.10"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.3.11
Search vendor "Php" for product "Php" and version "4.3.11"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.4.0
Search vendor "Php" for product "Php" and version "4.4.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.4.1
Search vendor "Php" for product "Php" and version "4.4.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.4.2
Search vendor "Php" for product "Php" and version "4.4.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.4.3
Search vendor "Php" for product "Php" and version "4.4.3"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.4.4
Search vendor "Php" for product "Php" and version "4.4.4"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0
Search vendor "Php" for product "Php" and version "5.0"
rc1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0
Search vendor "Php" for product "Php" and version "5.0"
rc2
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0
Search vendor "Php" for product "Php" and version "5.0"
rc3
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0.0
Search vendor "Php" for product "Php" and version "5.0.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0.1
Search vendor "Php" for product "Php" and version "5.0.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0.2
Search vendor "Php" for product "Php" and version "5.0.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0.3
Search vendor "Php" for product "Php" and version "5.0.3"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0.4
Search vendor "Php" for product "Php" and version "5.0.4"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0.5
Search vendor "Php" for product "Php" and version "5.0.5"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.1.0
Search vendor "Php" for product "Php" and version "5.1.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.1.1
Search vendor "Php" for product "Php" and version "5.1.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.1.2
Search vendor "Php" for product "Php" and version "5.1.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.1.3
Search vendor "Php" for product "Php" and version "5.1.3"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.1.4
Search vendor "Php" for product "Php" and version "5.1.4"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.1.5
Search vendor "Php" for product "Php" and version "5.1.5"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.1.6
Search vendor "Php" for product "Php" and version "5.1.6"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.2.0
Search vendor "Php" for product "Php" and version "5.2.0"
-
Affected
Trustix
Search vendor "Trustix"
 Secure Linux
Search vendor "Trustix" for product "Secure Linux"
 2.2
Search vendor "Trustix" for product "Secure Linux" and version "2.2"
-
Affected
Trustix
Search vendor "Trustix"
 Secure Linux
Search vendor "Trustix" for product "Secure Linux"
 3.0
Search vendor "Trustix" for product "Secure Linux" and version "3.0"
-
Affected