CVE-2007-0908

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.

References

ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc

http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html

http://osvdb.org/32766

http://rhn.redhat.com/errata/RHSA-2007-0089.html

http://secunia.com/advisories/24089

http://secunia.com/advisories/24195

http://secunia.com/advisories/24217

http://secunia.com/advisories/24236

http://secunia.com/advisories/24248

http://secunia.com/advisories/24284

http://secunia.com/advisories/24295

http://secunia.com/advisories/24322

http://secunia.com/advisories/24419

http://secunia.com/advisories/24421

http://secunia.com/advisories/24432

http://secunia.com/advisories/24514

http://secunia.com/advisories/24606

http://secunia.com/advisories/24642

http://security.gentoo.org/glsa/glsa-200703-21.xml

http://securityreason.com/securityalert/2321

http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm

http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm

http://www.mandriva.com/security/advisories?name=MDKSA-2007:048

http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html

http://www.php.net/ChangeLog-5.php#5.2.1

http://www.php.net/releases/5_2_1.php

http://www.php-security.org/MOPB/MOPB-11-2007.html

http://www.redhat.com/support/errata/RHSA-2007-0076.html

http://www.redhat.com/support/errata/RHSA-2007-0081.html

http://www.redhat.com/support/errata/RHSA-2007-0082.html

http://www.redhat.com/support/errata/RHSA-2007-0088.html

http://www.securityfocus.com/archive/1/461462/100/0/threaded

http://www.securityfocus.com/bid/22496

http://www.securityfocus.com/bid/22806

http://www.securitytracker.com/id?1017671

http://www.trustix.org/errata/2007/0009/

http://www.ubuntu.com/usn/usn-424-1

http://www.ubuntu.com/usn/usn-424-2

http://www.us.debian.org/security/2007/dsa-1264

http://www.vupen.com/english/advisories/2007/0546

https://exchange.xforce.ibmcloud.com/vulnerabilities/32493

https://issues.rpath.com/browse/RPL-1088

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11185

Details

Source: MITRE

Published: 2007-02-13

Updated: 2018-10-30

Type: CWE-20

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

View all (18 total)

IDNameProductFamilySeverity
67451Oracle Linux 3 / 4 : php (ELSA-2007-0076)NessusOracle Linux Local Security Checks
critical
29377SuSE 10 Security Update : PHP5 (ZYPP Patch Number 2684)NessusSuSE Local Security Checks
critical
28017Ubuntu 5.10 / 6.06 LTS / 6.10 : php5 regression (USN-424-2)NessusUbuntu Local Security Checks
critical
28016Ubuntu 5.10 / 6.06 LTS / 6.10 : php5 vulnerabilities (USN-424-1)NessusUbuntu Local Security Checks
critical
27390openSUSE 10 Security Update : php5 (php5-2687)NessusSuSE Local Security Checks
critical
25317RHEL 5 : php (RHSA-2007:0082)NessusRed Hat Local Security Checks
critical
24907PHP < 5.2.1 Multiple VulnerabilitiesNessusCGI abuses
high
24906PHP < 4.4.5 Multiple VulnerabilitiesNessusCGI abuses
high
24887GLSA-200703-21 : PHP: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
24793Debian DSA-1264-1 : php4 - several vulnerabilitiesNessusDebian Local Security Checks
critical
24697RHEL 2.1 : php (RHSA-2007:0081)NessusRed Hat Local Security Checks
critical
24695Mandrake Linux Security Advisory : php (MDKSA-2007:048)NessusMandriva Local Security Checks
critical
24691Slackware 10.2 / 11.0 : php (SSA:2007-053-01)NessusSlackware Local Security Checks
critical
24677RHEL 3 / 4 : php (RHSA-2007:0076)NessusRed Hat Local Security Checks
critical
24673CentOS 3 / 4 : php (CESA-2007:0076)NessusCentOS Local Security Checks
critical
24365FreeBSD : php -- multiple vulnerabilities (7fcf1727-be71-11db-b2ec-000c6ec775d9)NessusFreeBSD Local Security Checks
critical
3857PHP < 4.4.5 / 5.2.1 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
medium
801112PHP < 4.4.5 / 5.2.1 Multiple VulnerabilitiesLog Correlation EngineWeb Servers
high