• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PHP 5 Substr_Count Integer Overflow Vulnerability

Bugtraq ID:	24012
Class:	Boundary Condition Error
CVE:	CVE-2007-1375
Remote:	No
Local:	Yes
Published:	May 16 2007 12:00AM
Updated:	Aug 06 2007 06:34PM
Credit:	The vendor disclosed this issue.
Vulnerable:	S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. SUSE Linux Enterprise Server 9 SP3 S.u.S.E. SUSE Linux Enterprise Server 10 SP1 S.u.S.E. SUSE Linux Enterprise Server 10 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1 S.u.S.E. SUSE Linux Enterprise Desktop 10 S.u.S.E. SLE SDK 9 S.u.S.E. SLE SDK 10.SP1 S.u.S.E. SLE SDK 10 S.u.S.E. openSUSE 10.2 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Office Server S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop 9 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 10.2 x86_64 S.u.S.E. Linux Professional 10.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 10.2 x86_64 S.u.S.E. Linux Personal 10.2 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Openexchange Server S.u.S.E. Linux Enterprise Server 8 S.u.S.E. Linux Enterprise Server 10.SP1 S.u.S.E. Linux Enterprise Server 10 + Linux kernel 2.6.5 S.u.S.E. Linux Enterprise SDK 10 S.u.S.E. Linux Desktop 10 S.u.S.E. Linux 10.1 x86-64 S.u.S.E. Linux 10.1 x86 S.u.S.E. Linux 10.1 ppc S.u.S.E. Linux 10.0 x86-64 S.u.S.E. Linux 10.0 x86 S.u.S.E. Linux 10.0 ppc PHP PHP 5.2.1 + Ubuntu Ubuntu Linux 7.04 sparc + Ubuntu Ubuntu Linux 7.04 powerpc + Ubuntu Ubuntu Linux 7.04 i386 + Ubuntu Ubuntu Linux 7.04 amd64 PHP PHP 5.1.6 + Ubuntu Ubuntu Linux 6.10 sparc + Ubuntu Ubuntu Linux 6.10 powerpc + Ubuntu Ubuntu Linux 6.10 i386 + Ubuntu Ubuntu Linux 6.10 amd64 PHP PHP 5.1.5 PHP PHP 5.1.4 PHP PHP 5.1.3 PHP PHP 5.1.3 PHP PHP 5.1.2 + Ubuntu Ubuntu Linux 6.06 LTS sparc + Ubuntu Ubuntu Linux 6.06 LTS powerpc + Ubuntu Ubuntu Linux 6.06 LTS i386 + Ubuntu Ubuntu Linux 6.06 LTS amd64 PHP PHP 5.1.1 PHP PHP 5.1 PHP PHP 5.0.5 PHP PHP 5.0.4 PHP PHP 5.0.3 + Trustix Secure Linux 2.2 PHP PHP 5.0.2 PHP PHP 5.0.1 PHP PHP 5.0 candidate 3 PHP PHP 5.0 candidate 2 PHP PHP 5.0 candidate 1 PHP PHP 5.2 + Debian Linux 4.0 sparc + Debian Linux 4.0 s/390 + Debian Linux 4.0 powerpc + Debian Linux 4.0 mipsel + Debian Linux 4.0 mips + Debian Linux 4.0 m68k + Debian Linux 4.0 ia-64 + Debian Linux 4.0 ia-32 + Debian Linux 4.0 hppa + Debian Linux 4.0 arm + Debian Linux 4.0 amd64 + Debian Linux 4.0 alpha + Debian Linux 4.0
Not Vulnerable:	PHP PHP 5.2.2