Debian Security Advisory

DSA-1578-1 php4 -- several vulnerabilities

Date Reported:
17 May 2008
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2007-3799, CVE-2007-3806, CVE-2007-3998, CVE-2007-4657, CVE-2008-2051.
More information:

Several vulnerabilities have been discovered in PHP version 4, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-3799

    The session_start function allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from various parameters.

  • CVE-2007-3806

    A denial of service was possible through a malicious script abusing the glob() function.

  • CVE-2007-3998

    Certain maliciously constructed input to the wordwrap() function could lead to a denial of service attack.

  • CVE-2007-4657

    Large len values of the stspn() or strcspn() functions could allow an attacker to trigger integer overflows to expose memory or cause denial of service.

  • CVE-2008-2051

    The escapeshellcmd API function could be attacked via incomplete multibyte chars.

For the stable distribution (etch), these problems have been fixed in version 6:4.4.4-8+etch6.

The php4 packages are no longer present the unstable distribution (sid).

We recommend that you upgrade your php4 package.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Architecture-independent component:
HP Precision:
Intel IA-32:
Intel IA-64:
Big-endian MIPS:
Little-endian MIPS:
IBM S/390:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.