Vulnerability Name:

CVE-2007-1375 (CCN-33036)

Assigned:2007-03-07
Published:2007-03-07
Updated:2017-10-11
Summary:Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.9 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
2.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2007-1375

Source: MITRE
Type: CNA
CVE-2007-2748

Source: SECUNIA
Type: UNKNOWN
24606

Source: SECUNIA
Type: UNKNOWN
25056

Source: SECUNIA
Type: UNKNOWN
25057

Source: SECUNIA
Type: UNKNOWN
25062

Source: CCN
Type: SA25123
PHP Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
26895

Source: GENTOO
Type: UNKNOWN
GLSA-200703-21

Source: CONFIRM
Type: UNKNOWN
http://us2.php.net/releases/5_2_2.php

Source: DEBIAN
Type: UNKNOWN
DSA-1283

Source: DEBIAN
Type: DSA-1283
php5 -- several vulnerabilities

Source: CCN
Type: GLSA-200703-21
PHP: Multiple vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:187

Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:032

Source: CCN
Type: OpenPKG-SA-2007.019
php

Source: OSVDB
Type: UNKNOWN
32780

Source: CCN
Type: OSVDB ID: 32780
PHP substr_compare() Function Arbitrary Memory Disclosure

Source: CCN
Type: OSVDB ID: 34730
PHP substr_count() Function Arbitrary Memory Disclosure

Source: CCN
Type: MOPB-14-2007
PHP substr_compare() Information Leak Vulnerability

Source: MISC
Type: Exploit, Vendor Advisory
http://www.php-security.org/MOPB/MOPB-14-2007.html

Source: CCN
Type: PHP Web site
PHP: Hypertext Preprocessor

Source: CCN
Type: The PHP Group Web site
PHP 5.2.2 Release Announcement

Source: BID
Type: UNKNOWN
22851

Source: CCN
Type: BID-22851
PHP 5 Substr_Compare Integer Overflow Vulnerability

Source: CCN
Type: BID-24012
PHP 5 Substr_Count Integer Overflow Vulnerability

Source: CCN
Type: USN-455-1
PHP vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-455-1

Source: XF
Type: UNKNOWN
php-substrcompare-integer-overflow(33036)

Source: EXPLOIT-DB
Type: UNKNOWN
3424

Source: SUSE
Type: SUSE-SA:2007:032
PHP security problems

Source: SUSE
Type: SUSE-SR:2007:015
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:php:php:*:*:*:*:*:*:*:* (Version <= 5.2.1)

    • Configuration CCN 1:
  • cpe:/a:php:php:5.2.1:-:*:*:*:*:*:*
  • AND
  • cpe:/o:suse:suse_linux:*:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20071375
    V
    		CVE-2007-1375
    2015-11-16
    oval:org.mitre.oval:def:19944
    P
    		DSA-1283-1 php5
    2014-06-23
    oval:org.debian:def:1283
    V
    		several vulnerabilities
    2007-04-29
    BACK
    php php *
    php php 5.2.1
    suse suse linux *
    openpkg openpkg current
    gentoo linux *
    mandrakesoft mandrake linux corporate server 3.0
    debian debian linux 3.1
    novell open enterprise server *
    mandrakesoft mandrake multi network firewall 2.0
    canonical ubuntu 6.06
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake linux 2007.1
    mandrakesoft mandrake linux 2008.0
    debian debian linux 4.0
    canonical ubuntu 7.04
    mandrakesoft mandrake linux 2007.1
    novell open enterprise server *
    novell opensuse 10.2