CVE-2007-1453 - Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP

CVE-2007-1453

Summary

Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte in whitespace that precedes the buffer.

References

Vulnerable Configurations

cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 05-09-2008 - 21:20)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	22922
debian	DSA-1283
misc	http://www.php-security.org/MOPB/MOPB-19-2007.html http://www.php.net/releases/5_2_1.php
secunia	25056 25062
suse	SUSE-SA:2007:032

statements via4

contributor	Mark J Cox
lastmodified	2007-04-16
organization	Red Hat
statement	Not vulnerable. The filter extension was not shipped in versions of PHP provided for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.

Last major update

05-09-2008 - 21:20

Published

14-03-2007 - 18:19

Last modified

05-09-2008 - 21:20