Test ID:	1.3.6.1.4.1.25623.1.0.100593
Category:	Web application abuses
Title:	PHP sqlite_udf_decode_binary() Function Buffer Overflow Vulnerability
Summary:	PHP is prone to a buffer-overflow vulnerability because the; application fails to perform boundary checks before copying; user-supplied data to insufficiently sized memory buffers.
Description:	Summary: PHP is prone to a buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. Vulnerability Impact: An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users. Affected Software/OS: This issue affects PHP versions prior to 4.4.5 and 5.2.1. Solution: Reports indicate that the vendor released versions 4.4.5 and 5.2.1 to address this issue. Please contact the vendor for information on obtaining and applying fixes. The reporter of this issue indicates that if you are using a shared copy of an external Sqlite library, you will remain vulnerable to this issue, even after upgrading to nonvulnerable versions. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1888 http://www.mandriva.com/security/advisories?name=MDKSA-2007:091 http://www.php-security.org/MOPB/MOPB-41-2007.html http://www.sqlite.org/cvstrac/rlog?f=sqlite/src/encode.c http://osvdb.org/39177 http://secunia.com/advisories/25057 http://www.ubuntu.com/usn/usn-455-1 http://www.attrition.org/pipermail/vim/2007-April/001540.html XForce ISS Database: sqlite-sqlitedecodebinary-bo(38518) https://exchange.xforce.ibmcloud.com/vulnerabilities/38518 Common Vulnerability Exposure (CVE) ID: CVE-2007-1887 BugTraq ID: 23235 http://www.securityfocus.com/bid/23235 Debian Security Information: DSA-1283 (Google Search) http://www.debian.org/security/2007/dsa-1283 https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml HPdes Security Advisory: HPSBUX02262 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 HPdes Security Advisory: SSRT071447 http://www.mandriva.com/security/advisories?name=MDKSA-2007:088 http://www.mandriva.com/security/advisories?name=MDKSA-2007:089 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5348 http://secunia.com/advisories/24909 http://secunia.com/advisories/25062 http://secunia.com/advisories/27037 http://secunia.com/advisories/27102 http://secunia.com/advisories/27110 http://www.vupen.com/english/advisories/2007/2016 http://www.vupen.com/english/advisories/2007/3386 XForce ISS Database: php-sqlitedecodebinary-bo(33766) https://exchange.xforce.ibmcloud.com/vulnerabilities/33766
Copyright	Copyright (C) 2010 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.