PHP Msg_Receive() Memory Allocation Integer Overflow Vulnerability Network Vulnerability

Summary

PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to cause a buffer overflow and to corrupt process memory. Exploiting this issue may allow attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition. This issue affects PHP versions prior to 4.4.5 and 5.2.1.

Solution

Reports indicate that the vendor released version 4.4.5 and 5.2.1 to address this issue. Symantec has not confirmed this. Please contact the vendor for information on obtaining and applying fixes.

References

http://www.php-security.org/MOPB/MOPB-43-2007.html
http://www.php.net/

Updated on 2017-03-28

Severity

Classification

CVE CVE-2007-1889

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ATutor < 1.5.1-pl1 Multiple Flaws
AIOCP 'cp_html2xhtmlbasic.php' Remote File Inclusion Vulnerability
Atutor AContent Multiple SQL Injection and XSS Vulnerabilities
Advantech WebAccess Multiple Vulnerabilities
b2Evolution title SQL Injection

Take action and discover your vulnerabilities