Description

PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access.

Remediation

References

CVE-2007-2844

Related Vulnerabilities

Atlassian Jira CVE-2012-2926 Vulnerability (CVE-2012-2926)

Apache HTTP Server Improper Input Validation Vulnerability (CVE-2012-0021)

WordPress Plugin BuddyPress Extended Friendship Request Cross-Site Scripting (1.0.1)

Apache Tomcat Other Vulnerability (CVE-2002-2008)

OpenSSL Other Vulnerability (CVE-2004-0975)

Severity

Critical

Classification

CVE-2007-2844

Tags

Missing Update Known Vulnerabilities