| Name | CVE-2007-0906 |
| Description | Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825). |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-1264-1 |
| Debian Bugs | 410561, 410995 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| php5 (PTS) | jessie, jessie (lts) | 5.6.40+dfsg-0+deb8u21 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| php4 | source | sarge | 4:4.3.10-19 | DSA-1264-1 | ||
| php4 | source | etch | 6:4.4.4-8+etch1 | |||
| php4 | source | (unstable) | 6:4.4.4-9 | |||
| php5 | source | etch | 5.2.0-8+etch1 | |||
| php5 | source | (unstable) | 5.2.0-9 | medium | 410561, 410995 |
(4) is a non-issue, as we don't use the bundled sqlite