HOME > ADVISORIES


   ADVISORIES

CERT-In Advisory CIAD-2007-26
PHP “libxmlrpc library ()”, “make_http_soap_request ()”, user_filter_factory_create ()" Buffer Overflow and "ftp_putcmd ()"CRLF Injection Vulnerabilities

Original issue date: May 18, 2007

Severity Rating: High

Systems Affected

  • PHP versions 5.x
  • PHP versions 4.x

Overview

Multiple vulnerabilities have been reported in PHP which could be exploited by remote/local attackers to execute arbitrary code on the affected system and potentially compromise a vulnerable system.

Description

1. PHP libxmlrpc library Buffer overflow vulnerability ( CVE-2007-1864 )

A vulnerability has been reported in PHP due to boundary error in the libxmlrpc library. A remote attacker could exploit the vulnerability by sending specially crafted data to the PHP xmlrpc extension to execute arbitrary code on the affected system

2. PHP "ftp_putcmd ()" CRLF injection vulnerability ( CVE-2007-2509 )

A vulnerability has been reported in PHP due to an input validation error in the "ftp_putcmd()" function, which could be exploited by remote attackers to inject arbitrary FTP commands through CRLF sequences in the parameters to earlier FTP commands.

3. PHP "make_http_soap_request ()" Buffer overflow vulnerability ( CVE-2007-2510 )
Buffer overflow vulnerability has been reported in PHP due to a boundary error in the "make_http_soap_request()" function. A remote attacker could exploit the vulnerability to execute an arbitrary code on the affected system.

4. PHP "user_filter_factory_create ()" Buffer overflow vulnerability ( CVE-2007-2511 )

Buffer overflow vulnerability has been reported in PHP due to boundry error in the " user_filter_factory_create ()" function. A local attacker could exploit the vulnerability to execute arbitrary code on the affected system.

Solution

Upgrade to the latest version.
http://www.php.net/downloads.php

Vendor Information

PHP
http://www.php.net/releases/5_2_2.php
http://www.php.net/releases/4_4_7.php


References

FrSIRT
http://www.frsirt.com/english/advisories/2007/1657

Secunia
http://secunia.com/advisories/25123/

Security Focus
http://www.securityfocus.com/bid/22764
http://www.securityfocus.com/bid/22886
http://www.securityfocus.com/bid/22954
http://www.securityfocus.com/bid/22803

CVE Name
CVE-2007-1864
CVE-2007-2509
CVE-2007-2510
CVE-2007-2511


Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003