CVE-2007-1399 - Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with

CVE-2007-1399

Summary

Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback.

References

Vulnerable Configurations

cpe:2.3:a:pecl_zip:1.8.3:*:*:*:*:*:*:*:*
cpe:2.3:a:pecl_zip:1.8.3:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 29-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	22883
debian	DSA-1330
misc	http://www.php-security.org/MOPB/MOPB-16-2007.html
osvdb	32782
secunia	24471 24514 25938
suse	SUSE-SA:2007:020
vupen	ADV-2007-0898
xf	pecl-url-wrapper-bo(32889)

statements via4

contributor	Mark J Cox
lastmodified	2007-04-16
organization	Red Hat
statement	Not vulnerable. The zip extension was not shipped in versions of PHP provided for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.

Last major update

29-07-2017 - 01:30

Published

10-03-2007 - 22:19

Last modified

29-07-2017 - 01:30