PHP Chunk_Split() Function Integer Overflow Vulnerability

Bugtraq ID: 24261
Class: Boundary Condition Error
CVE: CVE-2007-2872
Remote: Yes
Local: No
Published: May 31 2007 12:00AM
Updated: May 20 2008 05:34PM
Credit: Gerhard Wagner found this vulnerability.
Vulnerable: Ubuntu Ubuntu Linux 7.10 sparc
Ubuntu Ubuntu Linux 7.10 powerpc
Ubuntu Ubuntu Linux 7.10 i386
Ubuntu Ubuntu Linux 7.10 amd64
Ubuntu Ubuntu Linux 7.04 sparc
Ubuntu Ubuntu Linux 7.04 powerpc
Ubuntu Ubuntu Linux 7.04 i386
Ubuntu Ubuntu Linux 7.04 amd64
Ubuntu Ubuntu Linux 6.10 sparc
Ubuntu Ubuntu Linux 6.10 powerpc
Ubuntu Ubuntu Linux 6.10 i386
Ubuntu Ubuntu Linux 6.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Trustix Secure Linux 3.0.5
Trustix Secure Linux 3.0
Trustix Secure Linux 2.0
Trustix Operating System Enterprise Server 2.0
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise SDK 9
SuSE SUSE Linux Enterprise SDK 10.SP1
SuSE Linux Enterprise Server 9
SuSE Linux Enterprise Server 10.SP1
Slackware Linux 10.2
Slackware Linux 11.0
Slackware Linux -current
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. openSUSE 10.3
S.u.S.E. openSUSE 10.2
S.u.S.E. Open-Enterprise-Server 0
S.u.S.E. Novell Linux POS 9
S.u.S.E. Linux 10.1 x86-64
S.u.S.E. Linux 10.1 x86
S.u.S.E. Linux 10.1 ppc
S.u.S.E. Linux 10.0 x86-64
S.u.S.E. Linux 10.0 x86
S.u.S.E. Linux 10.0 ppc
rPath rPath Linux 1
Redhat Fedora Core7
Redhat Fedora Core6
Redhat Enterprise Linux WS 4
Redhat Enterprise Linux WS 3
Redhat Enterprise Linux WS 2.1 IA64
Redhat Enterprise Linux WS 2.1
Redhat Enterprise Linux ES 4
Redhat Enterprise Linux ES 3
Redhat Enterprise Linux ES 2.1 IA64
Redhat Enterprise Linux ES 2.1
Redhat Enterprise Linux Desktop Workstation 5 client
Redhat Enterprise Linux AS 4
Redhat Enterprise Linux AS 3
Redhat Enterprise Linux AS 2.1 IA64
Redhat Enterprise Linux AS 2.1
Redhat Enterprise Linux 5 Server
Redhat Desktop 4.0
Redhat Desktop 3.0
Redhat Application Stack v1 for Enterprise Linux ES 4
Redhat Application Stack v1 for Enterprise Linux AS 4
Redhat Advanced Workstation for the Itanium Processor 2.1 IA64
Redhat Advanced Workstation for the Itanium Processor 2.1
PHP PHP 5.2.3
PHP PHP 5.2.2
PHP PHP 5.2.1
+ Ubuntu Ubuntu Linux 7.04 sparc
+ Ubuntu Ubuntu Linux 7.04 powerpc
+ Ubuntu Ubuntu Linux 7.04 i386
+ Ubuntu Ubuntu Linux 7.04 amd64
PHP PHP 5.1.6
PHP PHP 5.1.5
PHP PHP 5.1.4
PHP PHP 5.1.3 -RC1
PHP PHP 5.1.3
PHP PHP 5.1.2
+ Ubuntu Ubuntu Linux 6.06 LTS sparc
+ Ubuntu Ubuntu Linux 6.06 LTS powerpc
+ Ubuntu Ubuntu Linux 6.06 LTS i386
+ Ubuntu Ubuntu Linux 6.06 LTS amd64
PHP PHP 5.1.1
PHP PHP 5.1
PHP PHP 5.0.5
PHP PHP 5.0.4
PHP PHP 5.0.3
+ Trustix Secure Linux 2.2
PHP PHP 5.0.2
PHP PHP 5.0.1
PHP PHP 5.0 candidate 3
PHP PHP 5.0 candidate 2
PHP PHP 5.0 candidate 1
PHP PHP 5.0 .0
PHP PHP 5.2
+ Debian Linux 4.0 sparc
+ Debian Linux 4.0 s/390
+ Debian Linux 4.0 powerpc
+ Debian Linux 4.0 mipsel
+ Debian Linux 4.0 mips
+ Debian Linux 4.0 m68k
+ Debian Linux 4.0 ia-64
+ Debian Linux 4.0 ia-32
+ Debian Linux 4.0 hppa
+ Debian Linux 4.0 arm
+ Debian Linux 4.0 amd64
+ Debian Linux 4.0 alpha
+ Debian Linux 4.0
OpenPKG OpenPKG E1.0-Solid
OpenPKG OpenPKG Current
HP HP-UX B.11.31
HP HP-UX B.11.23
HP HP-UX B.11.11
Gentoo Linux
Avaya Messaging Storage Server MSS 3.0
Avaya Messaging Storage Server 3.1
Avaya Message Networking MN 3.1
Avaya Message Networking 3.1
Avaya Intuity AUDIX LX 2.0
Avaya Communication Manager 4.0
Avaya Communication Manager 3.1
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Application Enablement Services 4.0.1
Avaya Aura Application Enablement Services 3.1.4
Avaya Aura Application Enablement Services 3.1.3
Avaya Aura Application Enablement Services 3.0
Avaya AES 4.0
Avaya AES 3.1
Not Vulnerable: PHP PHP 5.2.4


 

Privacy Statement
Copyright 2010, SecurityFocus