CVE-2007-6039: possible DoS

Related Vulnerabilities: CVE-2007-6039   CVE-2007-5900   CVE-2006-4625   CVE-2007-5898   CVE-2006-5465   CVE-2007-5899  

Debian Bug report logs - #453295

Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>

Date: Wed, 28 Nov 2007 12:00:01 UTC

Severity: important

Tags: security

Fixed in versions php5/5.2.5-1, php5/5.2.0-8+etch9

Done: Thijs Kinkhorst <thijs@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#453295; Package php5-common.


Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2007-6039: possible DoS
Date: Wed, 28 Nov 2007 22:56:28 +1100
Package: php5-common
Severity: important
Tags: security

Hi

The following CVE[0] has been issued against php5. Could you please
check if the Debian packages are affected?

CVE-2007-6039:

PHP 5.2.5 and earlier allows context-dependent attackers to cause a
denial of service (application crash) via a long string in (1) the
domain parameter to the dgettext function, the message parameter to the
(2) dcgettext or (3) gettext function, the msgid1 parameter to the (4)
dngettext or (5) ngettext function, or (6) the classname parameter to
the stream_wrapper_register function. NOTE: this might not be a
vulnerability in most web server environments that support multiple
threads, unless this issue can be demonstrated for code execution.

In case you fix this bug by an upload, please mention the CVE id in your
changelog.

Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6039




Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#453295; Package php5-common.


Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.


Message #10 received at 453295@bugs.debian.org:

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: 453295@bugs.debian.org
Subject: three more CVEs
Date: Wed, 28 Nov 2007 23:16:35 +1100
Hi

There were three more CVEs[0][1][2] issued for php5.

CVE-2007-5900:

PHP before 5.2.5 allows local users to bypass protection mechanisms configured 
through php_admin_value or php_admin_flag in httpd.conf by using ini_set to 
modify arbitrary configuration variables, a different issue than 
CVE-2006-4625.

CVE-2007-5898:

The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 
accept partial multibyte sequences, which has unknown impact and attack 
vectors, a different issue than CVE-2006-5465. 

CVE-2007-5899:

The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms 
in which the ACTION attribute references a non-local URL, which allows remote 
attackers to obtain potentially sensitive information by reading the requests 
for this URL, as demonstrated by a rewritten form containing a local session 
ID.

Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5900

[1]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5898

[2]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5899
[signature.asc (application/pgp-signature, inline)]
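
A check for the CVE-2007-5899 condition quoted in the message above, as an added example that is not part of the original bug report: it scans rendered HTML for forms whose action leaves the site yet carry the rewrite variable as a hidden field. The host names, the sample markup and the `find_leaking_forms` helper are constructed for illustration; `PHPSESSID` is PHP's default session name and is only an assumed default here.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class FormAudit(HTMLParser):
    # Collects form actions that leave the site but carry the rewrite variable.
    def __init__(self, site_host, var_name):
        super().__init__()
        self.site_host = site_host.lower()
        self.var_name = var_name
        self.action = None  # action of the <form> being parsed, None outside forms
        self.leaks = []

    def is_local(self, action):
        # Browsers treat "\" like "/" in http(s) URLs, so normalise before parsing.
        parts = urlsplit(action.strip().replace("\\", "/"))
        # No host means a relative URL; "//host/x" does set netloc and is checked.
        return not parts.netloc or (parts.hostname or "").lower() == self.site_host

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.action = attrs.get("action") or ""
        elif tag == "input" and self.action is not None:
            if attrs.get("name") == self.var_name and not self.is_local(self.action):
                self.leaks.append(self.action)

    def handle_endtag(self, tag):
        if tag == "form":
            self.action = None

def find_leaking_forms(html, site_host, var_name="PHPSESSID"):
    """Return the actions of forms that would send var_name to another host."""
    audit = FormAudit(site_host, var_name)
    audit.feed(html)
    audit.close()
    return audit.leaks

# Constructed sample page: one local form, one off-site form, both rewritten.
SAMPLE = """
<form action="/login.php" method="post">
  <input type="hidden" name="PHPSESSID" value="constructed-id">
</form>
<form action="http://search.example.net/q" method="get">
  <input type="hidden" name="PHPSESSID" value="constructed-id"><input name="q">
</form>
"""

if __name__ == "__main__":
    print(find_leaking_forms(SAMPLE, "www.example.com"))
```
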

Bug marked as fixed in version 5.2.5-1, send any further explanations to Steffen Joeris <steffen.joeris@skolelinux.de> Request was from Thijs Kinkhorst <thijs@debian.org> to control@bugs.debian.org. (Wed, 07 May 2008 10:24:03 GMT)


Bug marked as fixed in version 5.2.0-8+etch9, send any further explanations to Steffen Joeris <steffen.joeris@skolelinux.de> Request was from Thijs Kinkhorst <thijs@debian.org> to control@bugs.debian.org. (Wed, 07 May 2008 10:24:04 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 05 Jun 2008 07:41:04 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:24:32 2019; Machine Name: beach
