|
|
PHP Import_Request_Variables Arbitrary Variable Overwrite Vulnerability
|
Bugtraq ID:
|
22886
|
|
Class:
|
Design Error
|
|
CVE:
|
CVE-2007-1396
|
|
Remote:
|
Yes
|
|
Local:
|
No
|
|
Published:
|
Mar 09 2007 12:00AM
|
|
Updated:
|
Jul 12 2007 09:17PM
|
|
Credit:
|
Stefano Di Paola and Stefan Esser independently discovered this vulnerability.
|
|
Vulnerable:
|
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SLE SDK 10.SP1
S.u.S.E. openSUSE 10.2
S.u.S.E. Novell Linux POS 9
S.u.S.E. Linux Openexchange Server
S.u.S.E. Linux Enterprise Server 8
S.u.S.E. Linux Enterprise Server 10.SP1
S.u.S.E. Linux 10.1 x86-64
S.u.S.E. Linux 10.1 x86
S.u.S.E. Linux 10.1 ppc
S.u.S.E. Linux 10.0 x86-64
S.u.S.E. Linux 10.0 x86
S.u.S.E. Linux 10.0 ppc
PHP-Nuke PHP-Nuke 8.0
PHP PHP 5.2.1
+
Ubuntu Ubuntu Linux 7.04 sparc
+
Ubuntu Ubuntu Linux 7.04 powerpc
+
Ubuntu Ubuntu Linux 7.04 i386
+
Ubuntu Ubuntu Linux 7.04 amd64
PHP PHP 5.1.6
+
Ubuntu Ubuntu Linux 6.10 sparc
+
Ubuntu Ubuntu Linux 6.10 powerpc
+
Ubuntu Ubuntu Linux 6.10 i386
+
Ubuntu Ubuntu Linux 6.10 amd64
PHP PHP 5.1.5
PHP PHP 5.1.4
PHP PHP 5.1.3
PHP PHP 5.1.3
PHP PHP 5.1.2
+
Ubuntu Ubuntu Linux 6.06 LTS sparc
+
Ubuntu Ubuntu Linux 6.06 LTS powerpc
+
Ubuntu Ubuntu Linux 6.06 LTS i386
+
Ubuntu Ubuntu Linux 6.06 LTS amd64
PHP PHP 5.1.1
PHP PHP 5.1
PHP PHP 5.0.5
PHP PHP 5.0.4
PHP PHP 5.0.3
+
Trustix Secure Linux 2.2
PHP PHP 5.0.2
PHP PHP 5.0.1
PHP PHP 5.0 candidate 3
PHP PHP 5.0 candidate 2
PHP PHP 5.0 candidate 1
PHP PHP 5.0 .0
PHP PHP 4.4.6
PHP PHP 4.4.5
PHP PHP 4.4.4
PHP PHP 4.4.3
PHP PHP 4.4.2
PHP PHP 4.4.1
PHP PHP 4.4 .0
PHP PHP 4.3.11
PHP PHP 4.3.10
+
Gentoo Linux
+
RedHat Fedora Core3
+
Trustix Secure Enterprise Linux 2.0
+
Trustix Secure Linux 2.2
+
Trustix Secure Linux 2.1
+
Trustix Secure Linux 2.0
+
Trustix Secure Linux 1.5
PHP PHP 4.3.9
PHP PHP 4.3.8
+
MandrakeSoft Linux Mandrake 10.1 x86_64
+
MandrakeSoft Linux Mandrake 10.1
+
S.u.S.E. Linux Personal 9.2
+
Turbolinux Turbolinux Server 10.0
+
Ubuntu Ubuntu Linux 4.1 ppc
+
Ubuntu Ubuntu Linux 4.1 ia64
+
Ubuntu Ubuntu Linux 4.1 ia32
PHP PHP 4.3.7
PHP PHP 4.3.6
PHP PHP 4.3.5
PHP PHP 4.3.4
+
MandrakeSoft Corporate Server 3.0 x86_64
+
MandrakeSoft Corporate Server 3.0
+
MandrakeSoft Linux Mandrake 10.0 AMD64
+
MandrakeSoft Linux Mandrake 10.0
+
S.u.S.E. Linux Personal 9.1
PHP PHP 4.3.3
+
S.u.S.E. Linux Personal 9.0 x86_64
+
S.u.S.E. Linux Personal 9.0
+
Turbolinux Home
+
Turbolinux Turbolinux 10 F...
+
Turbolinux Turbolinux Desktop 10.0
PHP PHP 4.3.2
PHP PHP 4.3.1
+
MandrakeSoft Linux Mandrake 9.1 ppc
+
MandrakeSoft Linux Mandrake 9.1
+
OpenPKG OpenPKG Current
+
S.u.S.E. Linux Personal 8.2
PHP PHP 4.3
PHP PHP 4.2.3
+
EnGarde Secure Linux 1.0.1
+
MandrakeSoft Corporate Server 2.1 x86_64
+
MandrakeSoft Corporate Server 2.1
+
MandrakeSoft Linux Mandrake 9.0
+
Turbolinux Turbolinux Server 8.0
+
Turbolinux Turbolinux Server 7.0
+
Turbolinux Turbolinux Workstation 8.0
+
Turbolinux Turbolinux Workstation 7.0
PHP PHP 4.2.2
+
Gentoo Linux 1.4 _rc1
+
Gentoo Linux 1.2
+
OpenPKG OpenPKG 1.1
+
RedHat Linux 8.0 i386
+
RedHat Linux 8.0
+
S.u.S.E. Linux 8.1
PHP PHP 4.2.1
-
FreeBSD FreeBSD 4.6
-
FreeBSD FreeBSD 4.5
-
FreeBSD FreeBSD 4.4
-
FreeBSD FreeBSD 4.3
+
Slackware Linux 8.1
PHP PHP 4.2 .0
PHP PHP 4.2 -dev
PHP PHP 4.1.2
+
Apple Mac OS X 10.1.5
+
Apple Mac OS X 10.1.4
+
Apple Mac OS X 10.1.3
+
Apple Mac OS X 10.1.2
+
Apple Mac OS X 10.1.1
+
Apple Mac OS X 10.1
+
Apple Mac OS X 10.1
+
Apple Mac OS X 10.0.4
+
Apple Mac OS X 10.0.3
+
Apple Mac OS X 10.0.2
+
Apple Mac OS X 10.0.1
+
Apple Mac OS X 10.0
+
Debian Linux 3.0 sparc
+
Debian Linux 3.0 s/390
+
Debian Linux 3.0 ppc
+
Debian Linux 3.0 mipsel
+
Debian Linux 3.0 mips
+
Debian Linux 3.0 m68k
+
Debian Linux 3.0 ia-64
+
Debian Linux 3.0 ia-32
+
Debian Linux 3.0 hppa
+
Debian Linux 3.0 arm
+
Debian Linux 3.0 alpha
+
MandrakeSoft Linux Mandrake 8.2 ppc
+
MandrakeSoft Linux Mandrake 8.2
+
MandrakeSoft Multi Network Firewall 2.0
+
MandrakeSoft Single Network Firewall 7.2
PHP PHP 4.1.1
+
Conectiva Linux 7.0
PHP PHP 4.1 .0
+
S.u.S.E. Linux 8.0 i386
+
S.u.S.E. Linux 8.0
PHP PHP 4.0.7 RC3
PHP PHP 4.0.7 RC2
PHP PHP 4.0.7 RC1
PHP PHP 4.0.7
PHP PHP 5.2
+
Debian Linux 4.0 sparc
+
Debian Linux 4.0 s/390
+
Debian Linux 4.0 powerpc
+
Debian Linux 4.0 mipsel
+
Debian Linux 4.0 mips
+
Debian Linux 4.0 m68k
+
Debian Linux 4.0 ia-64
+
Debian Linux 4.0 ia-32
+
Debian Linux 4.0 hppa
+
Debian Linux 4.0 arm
+
Debian Linux 4.0 amd64
+
Debian Linux 4.0 alpha
+
Debian Linux 4.0
|
|
|
|
Not Vulnerable:
|
PHP PHP 5.2.2
PHP PHP 4.4.7
-
Slackware Linux 10.2
-
Slackware Linux 11.0
-
Slackware Linux -current
|
|
|
