Test ID:	1.3.6.1.4.1.25623.1.0.100592
Category:	Web application abuses
Title:	PHP Msg_Receive() Memory Allocation Integer Overflow Vulnerability
Summary:	PHP is prone to an integer-overflow vulnerability because it; fails to ensure that integer values aren't overrun. Attackers; may exploit this issue to cause a buffer overflow and to corrupt process memory.
Description:	Summary: PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to cause a buffer overflow and to corrupt process memory. Vulnerability Impact: Exploiting this issue may allow attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition. Affected Software/OS: This issue affects PHP versions prior to 4.4.5 and 5.2.1. Solution: Reports indicate that the vendor released version 4.4.5 and 5.2.1 to address this issue. Symantec has not confirmed this. Please contact the vendor for information on obtaining and applying fixes. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1889 BugTraq ID: 23238 http://www.securityfocus.com/bid/23238 Debian Security Information: DSA-1283 (Google Search) http://www.debian.org/security/2007/dsa-1283 http://www.php-security.org/MOPB/MOPB-43-2007.html http://www.php-security.org/MOPB/MOPB-44-2007.html http://secunia.com/advisories/25056 http://secunia.com/advisories/25062 SuSE Security Announcement: SUSE-SA:2007:032 (Google Search) http://www.novell.com/linux/security/advisories/2007_32_php.html XForce ISS Database: zend-zendmmallocint-bo(33770) https://exchange.xforce.ibmcloud.com/vulnerabilities/33770
Copyright	Copyright (C) 2010 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.