CVE-2007-1887 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2007-1887?

CVE-2007-1887 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-1887?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php, Canonical Ubuntu Linux, Debian Debian Linux.

Vulnerability Description

Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Php	Php	>= 4.0, < 4.4.5
Canonical	Ubuntu Linux	6.06
Debian	Debian Linux	4.0

Related Weaknesses (CWE)

CWE-120

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795Broken Link
http://secunia.com/advisories/24909Not Applicable
http://secunia.com/advisories/25057Not Applicable
http://secunia.com/advisories/25062Not Applicable
http://secunia.com/advisories/27037Not Applicable
http://secunia.com/advisories/27102Not Applicable
http://secunia.com/advisories/27110Not Applicable
http://www.debian.org/security/2007/dsa-1283Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xmlThird Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:088Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2007:089Broken Link
http://www.php-security.org/MOPB/MOPB-41-2007.htmlBroken LinkVendor Advisory
http://www.php.net/releases/5_2_1.phpRelease NotesVendor Advisory
http://www.php.net/releases/5_2_3.phpRelease NotesVendor Advisory
http://www.securityfocus.com/bid/23235Third Party AdvisoryVDB Entry

FAQ

What is CVE-2007-1887?

CVE-2007-1887 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empt...

How severe is CVE-2007-1887?

CVE-2007-1887 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-1887?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php, Canonical Ubuntu Linux, Debian Debian Linux.