National Cyber-Alert System

Vulnerability Summary for CVE-2007-1887

Overview

Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

Vendor Statments (disclaimer)

Official Statement from Red Hat (04/16/2007)

Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: http://www.php.net/releases/5_2_1.php

Type: Patch Information

Hyperlink:http://www.php.net/releases/5_2_1.php

External Source: BID

Name: 23235

Hyperlink:http://www.securityfocus.com/bid/23235

External Source: MISC

Name: http://www.php-security.org/MOPB/MOPB-41-2007.html

Type: Advisory

Hyperlink:http://www.php-security.org/MOPB/MOPB-41-2007.html

External Source: OVAL

Name: oval:org.mitre.oval:def:5348

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5348

External Source: FEDORA

Name: FEDORA-2007-2215

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html

External Source: UBUNTU

Name: USN-455-1

Hyperlink:http://www.ubuntu.com/usn/usn-455-1

External Source: CONFIRM

Name: http://www.php.net/releases/5_2_3.php

Hyperlink:http://www.php.net/releases/5_2_3.php

External Source: MANDRIVA

Name: MDKSA-2007:089

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:089

External Source: MANDRIVA

Name: MDKSA-2007:088

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:088

External Source: GENTOO

Name: GLSA-200710-02

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml

External Source: VUPEN

Name: ADV-2007-3386

Hyperlink:http://www.frsirt.com/english/advisories/2007/3386

External Source: VUPEN

Name: ADV-2007-2016

Hyperlink:http://www.frsirt.com/english/advisories/2007/2016

External Source: DEBIAN

Name: DSA-1283

Hyperlink:http://www.debian.org/security/2007/dsa-1283

External Source: SECUNIA

Name: 27110

Hyperlink:http://secunia.com/advisories/27110

External Source: SECUNIA

Name: 27102

Hyperlink:http://secunia.com/advisories/27102

External Source: SECUNIA

Name: 27037

Hyperlink:http://secunia.com/advisories/27037

External Source: SECUNIA

Name: 25062

Hyperlink:http://secunia.com/advisories/25062

External Source: SECUNIA

Name: 25057

Hyperlink:http://secunia.com/advisories/25057

External Source: SECUNIA

Name: 24909

Hyperlink:http://secunia.com/advisories/24909

External Source: HP

Name: HPSBUX02262

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

External Source: MANDRIVA

Name: MDKSA-2007:089

Hyperlink:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:089

External Source: MANDRIVA

Name: MDKSA-2007:088

Hyperlink:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:088