Vulnerability CVE-2007-4661

Vulnerability Name:

CVE-2007-4661 (CCN-36626)

Assigned:

2007-08-30

Published:

2007-08-30

Updated:

2018-10-03

Summary:

The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow.
Note: this is due to an incomplete fix for CVE-2007-2872.

CVSS v3 Severity:

5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-399
CWE-119

Vulnerability Consequences:

Other

References:

Source: MITRE
Type: CNA
CVE-2007-4661

Source: MISC
Type: Exploit
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.58&r2=1.445.2.14.2.59

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:004

Source: CCN
Type: RHSA-2007-0917
Moderate: php security update

Source: CCN
Type: SA26642
PHP Multiple Vulnerabilities

Source: SECUNIA
Type: Patch
26642

Source: SECUNIA
Type: UNKNOWN
26838

Source: SECUNIA
Type: UNKNOWN
27102

Source: SECUNIA
Type: UNKNOWN
27864

Source: SECUNIA
Type: UNKNOWN
28658

Source: CCN
Type: GLSA-200710-02
PHP: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200710-02

Source: CCN
Type: PHP5 ChangeLog
Version 5.2.4

Source: CONFIRM
Type: UNKNOWN
http://www.php.net/ChangeLog-5.php#5.2.4

Source: CCN
Type: PHP 5.2.4 Release Announcement
Security Enhancements and Fixes in PHP 5.2.4

Source: CONFIRM
Type: Patch
http://www.php.net/releases/5_2_4.php

Source: CCN
Type: USN-549-1
PHP vulnerabilities

Source: CCN
Type: USN-549-2
PHP regression

Source: UBUNTU
Type: UNKNOWN
USN-549-2

Source: XF
Type: UNKNOWN
php-chunksplit-buffersize-unspecified(36626)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-1702

Source: CONFIRM
Type: UNKNOWN
https://launchpad.net/bugs/173043

Source: UBUNTU
Type: UNKNOWN
USN-549-1

Source: SUSE
Type: SUSE-SA:2008:004
php5 php4 Security Problems

Vulnerable Configuration:

Configuration 1:

cpe:/a:php:php:5.2.3:-:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:php:php:5.2.3:-:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*

OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*

OR cpe:/a:redhat:rhel_application_stack:2:*:*:*:*:*:*:*

OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20074661	V	CVE-2007-4661	2015-11-16
oval:org.mitre.oval:def:16967	P	USN-549-2 -- php5 regression	2014-06-30
oval:org.mitre.oval:def:17624	P	USN-549-1 -- php5 vulnerabilities	2014-06-30

BACK