Debian Security Advisory

DSA-1264-1 php4 -- several vulnerabilities

Date Reported:
07 Mar 2007
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988.
More information:

Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-0906

    It was discovered that an integer overflow in the str_replace() function could lead to the execution of arbitrary code.

  • CVE-2007-0907

    It was discovered that a buffer underflow in the sapi_header_op() function could crash the PHP interpreter.

  • CVE-2007-0908

    Stefan Esser discovered that a programming error in the wddx extension allows information disclosure.

  • CVE-2007-0909

    It was discovered that a format string vulnerability in the odbc_result_all() function allows the execution of arbitrary code.

  • CVE-2007-0910

    It was discovered that super-global variables could be overwritten with session data.

  • CVE-2007-0988

    Stefan Esser discovered that the zend_hash_init() function could be tricked into an endless loop, allowing denial of service through resource consumption until a timeout is triggered.

For the stable distribution (sarge) these problems have been fixed in version 4:4.3.10-19.

For the unstable distribution (sid) these problems have been fixed in version 6:4.4.4-9 of php4 and version 5.2.0-9 of php5.

We recommend that you upgrade your php4 packages.

Fixed in:

Debian GNU/Linux 3.1 (sarge)

Architecture-independent component:
Intel IA-32:
Intel IA-64:
Motorola 680x0:
Big endian MIPS:
Little endian MIPS:
IBM S/390:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.