what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2007-2509

Status Candidate

Overview

CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.

Related Files

Gentoo Linux Security Advisory 200705-19
Posted May 31, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200705-19 - Several vulnerabilities were found in PHP, most of them during the Month Of PHP Bugs (MOPB) by Stefan Esser. The most severe of these vulnerabilities are integer overflows in wbmp.c from the GD library and in the substr_compare() PHP 5 function. Ilia Alshanetsky also reported a buffer overflow in the make_http_soap_request() and in the user_filter_factory_create() functions, and Stanislav Malyshev discovered another buffer overflow in the bundled XMLRPC library. Additionally, the session_regenerate_id() and the array_user_key_compare() functions contain a double-free vulnerability. Finally, there exist implementation errors in the Zend engine, in the mb_parse_str(), the unserialize() and the mail() functions and other elements. Versions less than 5.2.2 are affected.

tags | advisory, overflow, php, vulnerability
systems | linux, gentoo
advisories | CVE-2007-1001, CVE-2007-1285, CVE-2007-1286, CVE-2007-1484, CVE-2007-1521, CVE-2007-1583, CVE-2007-1700, CVE-2007-1701, CVE-2007-1711, CVE-2007-1717, CVE-2007-1718, CVE-2007-1864, CVE-2007-1900, CVE-2007-2509, CVE-2007-2510, CVE-2007-2511
SHA-256 | 85b7223b6bfd70f54588716713c6a4f7ef1cdaf921d40a164c836fe16bbb3b6f
Ubuntu Security Notice 462-1
Posted May 23, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 462-1 - A flaw was discovered in the FTP command handler in PHP. Commands were not correctly filtered for control characters. An attacker could issue arbitrary FTP commands using specially crafted arguments. Ilia Alshanetsky discovered a buffer overflow in the SOAP request handler in PHP. Remote attackers could send a specially crafted SOAP request and execute arbitrary code with web server privileges. Ilia Alshanetsky discovered a buffer overflow in the user filter factory in PHP. A local attacker could create a specially crafted script and execute arbitrary code with web server privileges. Gregory Beaver discovered that the PEAR installer did not validate installation paths. If a user were tricked into installing a malicious PEAR package, an attacker could overwrite arbitrary files.

tags | advisory, remote, web, overflow, arbitrary, local, php
systems | linux, ubuntu
advisories | CVE-2007-2519, CVE-2007-2511, CVE-2007-2510, CVE-2007-2509
SHA-256 | 4270f8e9ae4654fadf832c0bd519c5b09117a7ca233ee391480dd1eaf3de91aa
Debian Linux Security Advisory 1296-1
Posted May 22, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1296-1 - It was discovered that the ftp extension of PHP, a server-side, HTML-embedded scripting language performs insufficient input sanitising, which permits an attacker to execute arbitrary FTP commands. This requires the attacker to already have access to the FTP server.

tags | advisory, arbitrary, php
systems | linux, debian
advisories | CVE-2007-2509
SHA-256 | d3c6df087bbead582c60dfc8e0548646c6d296403aeda1230fa3321797dc4092
Debian Linux Security Advisory 1295-1
Posted May 22, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1295-1 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, debian
advisories | CVE-2007-2509, CVE-2007-2510
SHA-256 | 720391f44dba45c14430fe4f2f1c12503278e087480a630e641c643a5b18c89c
Mandriva Linux Security Advisory 2007.103
Posted May 12, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities in PHP4 have been fixed.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2007-1864, CVE-2007-2509
SHA-256 | ae759429289c1a3693ebe71fa61005c7aa7fcbf3ea7221d2667bd23c8df1c652
Mandriva Linux Security Advisory 2007.102
Posted May 12, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities in PHP have been fixed.

tags | advisory, php, vulnerability
systems | linux, mandriva
advisories | CVE-2007-1864, CVE-2007-2509, CVE-2007-2510, CVE-2007-2511
SHA-256 | 309a748bbde2fa997c8e6a8ce844c9b4e8862353547fad0c2c90deb5ea8933c6
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close