Vulnerability Name:

CVE-2007-1889 (CCN-33770)

Assigned:2007-03-31
Published:2007-03-31
Updated:2017-07-29
Summary:Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msg_receive with the largest positive integer value of maxsize.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-1889

Source: SECUNIA
Type: UNKNOWN
25056

Source: SECUNIA
Type: UNKNOWN
25062

Source: DEBIAN
Type: UNKNOWN
DSA-1283

Source: DEBIAN
Type: DSA-1283
php5 -- several vulnerabilities

Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:032

Source: CCN
Type: OSVDB ID: 33961
PHP Zend Memory Manager Signed Comparison Multiple Overflows

Source: MISC
Type: Patch, Vendor Advisory
http://www.php-security.org/MOPB/MOPB-43-2007.html

Source: CCN
Type: MOPB-44-2007
PHP 5.2.0 Memory Manager Signed Comparision Vulnerability

Source: MISC
Type: Vendor Advisory
http://www.php-security.org/MOPB/MOPB-44-2007.html

Source: CCN
Type: PHP Web site
PHP: Hypertext Preprocessor

Source: BID
Type: UNKNOWN
23238

Source: CCN
Type: BID-23238
PHP Memory Manager Sign Comparison Multiple Buffer Overflow Vulnerabilities

Source: XF
Type: UNKNOWN
zend-zendmmallocint-bo(33770)

Source: XF
Type: UNKNOWN
zend-zendmmallocint-bo(33770)

Source: SUSE
Type: SUSE-SA:2007:032
PHP security problems

Vulnerable Configuration:Configuration 1:
  • cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:19944
    P
    		DSA-1283-1 php5
    2014-06-23
    oval:org.opensuse.security:def:20071889
    V
    		CVE-2007-1889
    2012-07-03
    oval:org.debian:def:1283
    V
    		several vulnerabilities
    2007-04-29
    BACK
    php php 5.2.0
    php php 5.2.0
    debian debian linux 3.1
    novell open enterprise server *
    debian debian linux 4.0
    novell open enterprise server *
    novell opensuse 10.2