Vulnerability Name:

CVE-2007-1325 (CCN-25704)

Assigned:2006-04-08
Published:2006-04-08
Updated:2011-03-08
Summary:The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions.
Note: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin.
This vulnerability is addressed in the following product update:
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-3
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:7.1 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: Full-Disclosure Mailing List, Sat Apr 08 2006 - 14:40:02 CDT
function *() php/apache Crash PHP 4.4.2 and 5.1.2

Source: MITRE
Type: CNA
CVE-2006-1549

Source: MITRE
Type: CNA
CVE-2007-1325

Source: CCN
Type: PHP CVS Repository
[cvs] Index of /php-src

Source: OSVDB
Type: UNKNOWN
36834

Source: SECUNIA
Type: UNKNOWN
26733

Source: CCN
Type: SECTRACK ID: 1015880
PHP Self-Referencing Function Memory Allocation Error May Let Local Users Deny Service

Source: CONFIRM
Type: Patch
http://sourceforge.net/tracker/index.php?func=detail&aid=1671813&group_id=23067&atid=377408

Source: DEBIAN
Type: DSA-1370
phpmyadmin -- several vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:199

Source: CCN
Type: OSVDB ID: 24485
PHP function *() Memory Access Error Local DoS

Source: CCN
Type: OSVDB ID: 36834
phpMyAdmin libraries/common.lib.php PMA_ArrayWalkRecursive Array Recursion DoS

Source: CCN
Type: MOPB-02-2007
PHP Executor Deep Recursion Stack Overflow

Source: MISC
Type: UNKNOWN
http://www.php-security.org/MOPB/MOPB-02-2007.html

Source: CCN
Type: The PHP Group Web site
PHP: Hypertext Preprocessor

Source: CONFIRM
Type: UNKNOWN
http://www.php.net/ChangeLog-4.php

Source: CONFIRM
Type: UNKNOWN
http://www.php.net/releases/4_4_8.php

Source: CONFIRM
Type: Patch
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-3

Source: CCN
Type: BID-22766
PHP Executor Deep Recursion Remote Denial of Service Vulnerability

Source: BID
Type: Patch
22841

Source: CCN
Type: BID-22841
phpMyAdmin PMA_ArrayWalkRecursive Function Remote Denial of Service Vulnerability

Source: DEBIAN
Type: UNKNOWN
DSA-1370

Source: VUPEN
Type: UNKNOWN
ADV-2007-0831

Source: XF
Type: UNKNOWN
php-recursion-dos(25704)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:* (Version <= 2.10.0.1)

    • Configuration CCN 1:
  • cpe:/a:php:php:*:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20071325
    V
    		CVE-2007-1325
    2015-11-16
    oval:org.mitre.oval:def:18380
    P
    		DSA-1370-2 phpmyadmin - several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:20451
    P
    		DSA-1370-1 phpmyadmin - several vulnerabilities
    2014-06-23
    oval:org.debian:def:1370
    V
    		several vulnerabilities
    2007-09-09
    BACK
    phpmyadmin phpmyadmin *
    php php *
    debian debian linux 3.1
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    debian debian linux 4.0