National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2007-2872 Detail

Current Description

Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.

Source:  MITRE      Last Modified:  06/04/2007      View Analysis Description

Quick Info

CVE Dictionary Entry:
CVE-2007-2872
Original release date:
06/04/2007
Last revised:
10/10/2017
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
6.8 MEDIUM
Vector:
(AV:N/AC:M/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore:
6.4
Exploitability Subscore:
8.6
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Medium
Authentication:
Not required to exploit
Impact Type:
Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

Vendor Statements (disclaimer)

Official Statement from Red Hat (08/02/2007)

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-2872 The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 External Source HP SSRT071447
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501 External Source HP HPSBUX02308
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html External Source SUSE SUSE-SA:2007:044
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html External Source SUSE SUSE-SA:2008:004
http://rhn.redhat.com/errata/RHSA-2007-0889.html Vendor Advisory External Source REDHAT RHSA-2007:0889
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863 External Source SLACKWARE SSA:2007-152-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136 External Source SLACKWARE SSA:2008-045-03
http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm External Source CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml External Source GENTOO GLSA-200710-02
http://www.mandriva.com/security/advisories?name=MDKSA-2007:187 External Source MANDRIVA MDKSA-2007:187
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.020.html External Source OPENPKG OpenPKG-SA-2007.020
http://www.php.net/ChangeLog-4.php External Source CONFIRM http://www.php.net/ChangeLog-4.php
http://www.php.net/releases/4_4_8.php External Source CONFIRM http://www.php.net/releases/4_4_8.php
http://www.php.net/releases/5_2_3.php Patch External Source CONFIRM http://www.php.net/releases/5_2_3.php
http://www.redhat.com/support/errata/RHSA-2007-0888.html Vendor Advisory External Source REDHAT RHSA-2007:0888
http://www.redhat.com/support/errata/RHSA-2007-0890.html Vendor Advisory External Source REDHAT RHSA-2007:0890
http://www.redhat.com/support/errata/RHSA-2007-0891.html External Source REDHAT RHSA-2007:0891
http://www.sec-consult.com/291.html External Source MISC http://www.sec-consult.com/291.html
http://www.securityfocus.com/archive/1/archive/1/470244/100/0/threaded External Source BUGTRAQ 20070601 SEC Consult SA-20070601-0 :: PHP chunk_split() integer overflow
http://www.securityfocus.com/archive/1/archive/1/491693/100/0/threaded External Source HP HPSBUX02332
http://www.securityfocus.com/bid/24261 External Source BID 24261
http://www.securitytracker.com/id?1018186 External Source SECTRACK 1018186
http://www.trustix.org/errata/2007/0023/ External Source TRUSTIX 2007-0023
http://www.ubuntu.com/usn/usn-549-2 External Source UBUNTU USN-549-2
http://www.ubuntulinux.org/support/documentation/usn/usn-549-1 External Source UBUNTU USN-549-1
http://www.vupen.com/english/advisories/2007/2061 External Source VUPEN ADV-2007-2061
http://www.vupen.com/english/advisories/2007/3386 External Source VUPEN ADV-2007-3386
http://www.vupen.com/english/advisories/2008/0059 External Source VUPEN ADV-2008-0059
http://www.vupen.com/english/advisories/2008/0398 External Source VUPEN ADV-2008-0398
https://exchange.xforce.ibmcloud.com/vulnerabilities/39398 External Source XF php-chunksplit-security-bypass(39398)
https://issues.rpath.com/browse/RPL-1693 External Source CONFIRM https://issues.rpath.com/browse/RPL-1693
https://issues.rpath.com/browse/RPL-1702 External Source CONFIRM https://issues.rpath.com/browse/RPL-1702
https://launchpad.net/bugs/173043 External Source CONFIRM https://launchpad.net/bugs/173043
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9424 External Source OVAL oval:org.mitre.oval:def:9424
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html External Source FEDORA FEDORA-2007-709
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html External Source FEDORA FEDORA-2007-2215

References to Check Content

Identifier:
oval:org.mitre.oval:def:9424
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9424

Technical Details

Vulnerability Type (View All)

Change History 3 change records found - show changes