CVE-2007-1889 - OpenCVE

Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msg_receive with the largest positive integer value of maxsize.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Php	Php

Configuration 1 [-]

cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/25056
http://secunia.com/advisories/25062
http://www.debian.org/security/2007/dsa-1283
http://www.novell.com/linux/security/advisories/2007_32_php.html
http://www.php-security.org/MOPB/MOPB-43-2007.html	Patch Vendor Advisory
http://www.php-security.org/MOPB/MOPB-44-2007.html	Vendor Advisory
http://www.securityfocus.com/bid/23238
https://exchange.xforce.ibmcloud.com/vulnerabilities/33770

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-06T01:00:00

Updated: 2017-07-28T12:57:01

Reserved: 2007-04-05T00:00:00

Link: CVE-2007-1889

JSON object: View

NVD Information

Status : Modified

Published: 2007-04-06T01:19:00.000

Modified: 2017-07-29T01:31:05.283

Link: CVE-2007-1889

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-03-31T00:00:00", "descriptions": [{"lang": "en", "value": "Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msg_receive with the largest positive integer value of maxsize."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "25056", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25056"}, {"name": "DSA-1283", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1283"}, {"tags": ["x_refsource_MISC"], "url": "http://www.php-security.org/MOPB/MOPB-43-2007.html"}, {"name": "23238", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23238"}, {"tags": ["x_refsource_MISC"], "url": "http://www.php-security.org/MOPB/MOPB-44-2007.html"}, {"name": "25062", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25062"}, {"name": "zend-zendmmallocint-bo(33770)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33770"}, {"name": "SUSE-SA:2007:032", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1889", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msg_receive with the largest positive integer value of maxsize."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "25056", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25056"}, {"name": "DSA-1283", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1283"}, {"name": "http://www.php-security.org/MOPB/MOPB-43-2007.html", "refsource": "MISC", "url": "http://www.php-security.org/MOPB/MOPB-43-2007.html"}, {"name": "23238", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23238"}, {"name": "http://www.php-security.org/MOPB/MOPB-44-2007.html", "refsource": "MISC", "url": "http://www.php-security.org/MOPB/MOPB-44-2007.html"}, {"name": "25062", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25062"}, {"name": "zend-zendmmallocint-bo(33770)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33770"}, {"name": "SUSE-SA:2007:032", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1889", "datePublished": "2007-04-06T01:00:00", "dateReserved": "2007-04-05T00:00:00", "dateUpdated": "2017-07-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msg_receive with the largest positive integer value of maxsize."}, {"lang": "es", "value": "Error de signo de entero en la funci\u00f3n _zend_mm_alloc_int en Zend Memory Manager de PHP 5.2.0 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una petici\u00f3n grande eamlloc, referida a una conversi\u00f3n incorrecta de entero largo con signo, como se demuestra mediante el cliente HTTP SOAP en PHP, y mediante una llamada a msg_receive con el valor entero positivo mas grande en maxsize."}], "id": "CVE-2007-1889", "lastModified": "2017-07-29T01:31:05.283", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-06T01:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25056"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25062"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1283"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.php-security.org/MOPB/MOPB-43-2007.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.php-security.org/MOPB/MOPB-44-2007.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23238"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33770"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. These issues did not affect the versions of PHP as\nshipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or\nRed Hat Application Stack 1.\n", "lastModified": "2007-04-16T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}