CVE-2007-1376 - Vulnerability Details

The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Php	Php

Configuration 1 [-]

OR	cpe:2.3:a:php:php:4.0:::::::*
	cpe:2.3:a:php:php:4.0:beta_4_patch1::::::
	cpe:2.3:a:php:php:4.0:beta1::::::
	cpe:2.3:a:php:php:4.0:beta2::::::
	cpe:2.3:a:php:php:4.0:beta3::::::
	cpe:2.3:a:php:php:4.0:beta4::::::
	cpe:2.3:a:php:php:4.0:rc1::::::
	cpe:2.3:a:php:php:4.0:rc2::::::
	cpe:2.3:a:php:php:4.0.0:::::::*
	cpe:2.3:a:php:php:4.0.1:::::::*
	cpe:2.3:a:php:php:4.0.1:patch1::::::
	cpe:2.3:a:php:php:4.0.1:patch2::::::
	cpe:2.3:a:php:php:4.0.2:::::::*
	cpe:2.3:a:php:php:4.0.3:::::::*
	cpe:2.3:a:php:php:4.0.3:patch1::::::
	cpe:2.3:a:php:php:4.0.4:::::::*
	cpe:2.3:a:php:php:4.0.4:patch1::::::
	cpe:2.3:a:php:php:4.0.5:::::::*
	cpe:2.3:a:php:php:4.0.6:::::::*
	cpe:2.3:a:php:php:4.0.7:::::::*
	cpe:2.3:a:php:php:4.0.7:rc1::::::
	cpe:2.3:a:php:php:4.0.7:rc2::::::
	cpe:2.3:a:php:php:4.0.7:rc3::::::
	cpe:2.3:a:php:php:4.1.0:::::::*
	cpe:2.3:a:php:php:4.1.1:::::::*
	cpe:2.3:a:php:php:4.1.2:::::::*
	cpe:2.3:a:php:php:4.2::dev:::::
	cpe:2.3:a:php:php:4.2.0:::::::*
	cpe:2.3:a:php:php:4.2.1:::::::*
	cpe:2.3:a:php:php:4.2.2:::::::*
	cpe:2.3:a:php:php:4.2.3:::::::*
	cpe:2.3:a:php:php:4.3.0:::::::*
	cpe:2.3:a:php:php:4.3.1:::::::*
	cpe:2.3:a:php:php:4.3.2:::::::*
	cpe:2.3:a:php:php:4.3.3:::::::*
	cpe:2.3:a:php:php:4.3.4:::::::*
	cpe:2.3:a:php:php:4.3.5:::::::*
	cpe:2.3:a:php:php:4.3.6:::::::*
	cpe:2.3:a:php:php:4.3.7:::::::*
	cpe:2.3:a:php:php:4.3.8:::::::*
	cpe:2.3:a:php:php:4.3.9:::::::*
	cpe:2.3:a:php:php:4.3.10:::::::*
	cpe:2.3:a:php:php:4.3.11:::::::*
	cpe:2.3:a:php:php:4.4.0:::::::*
	cpe:2.3:a:php:php:4.4.1:::::::*
	cpe:2.3:a:php:php:4.4.2:::::::*
	cpe:2.3:a:php:php:4.4.3:::::::*
	cpe:2.3:a:php:php:4.4.4:::::::*
	cpe:2.3:a:php:php:4.4.5:::::::*
	cpe:2.3:a:php:php:5.0:rc1::::::
	cpe:2.3:a:php:php:5.0:rc2::::::
	cpe:2.3:a:php:php:5.0:rc3::::::
	cpe:2.3:a:php:php:5.0.0:::::::*
	cpe:2.3:a:php:php:5.0.0:beta1::::::
	cpe:2.3:a:php:php:5.0.0:beta2::::::
	cpe:2.3:a:php:php:5.0.0:beta3::::::
	cpe:2.3:a:php:php:5.0.0:beta4::::::
	cpe:2.3:a:php:php:5.0.0:rc1::::::
	cpe:2.3:a:php:php:5.0.0:rc2::::::
	cpe:2.3:a:php:php:5.0.0:rc3::::::
	cpe:2.3:a:php:php:5.0.1:::::::*
	cpe:2.3:a:php:php:5.0.2:::::::*
	cpe:2.3:a:php:php:5.0.3:::::::*
	cpe:2.3:a:php:php:5.0.4:::::::*
cpe:2.3:a:php:php:5.0.5:::::::*
cpe:2.3:a:php:php:5.1.0:::::::*
cpe:2.3:a:php:php:5.1.1:::::::*
cpe:2.3:a:php:php:5.1.2:::::::*
cpe:2.3:a:php:php:5.1.3:::::::*
cpe:2.3:a:php:php:5.1.4:::::::*
cpe:2.3:a:php:php:5.1.5:::::::*
cpe:2.3:a:php:php:5.1.6:::::::*
cpe:2.3:a:php:php:5.2.0:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/24606
http://secunia.com/advisories/25056
http://secunia.com/advisories/25057
http://secunia.com/advisories/25062
http://security.gentoo.org/glsa/glsa-200703-21.xml
http://www.debian.org/security/2007/dsa-1283
http://www.novell.com/linux/security/advisories/2007_32_php.html
http://www.osvdb.org/32781
http://www.php-security.org/MOPB/MOPB-15-2007.html
http://www.securityfocus.com/bid/22862
http://www.ubuntu.com/usn/usn-455-1
https://www.exploit-db.com/exploits/3426
https://www.exploit-db.com/exploits/3427

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-03-10T00:00:00

Updated: 2024-08-07T12:50:35.224Z

Reserved: 2007-03-09T00:00:00

Link: CVE-2007-1376

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-03-10T00:19:00.000

Modified: 2024-11-21T00:28:09.613

Link: CVE-2007-1376

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-03-08T00:00:00", "descriptions": [{"lang": "en", "value": "The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "25056", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25056"}, {"name": "32781", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/32781"}, {"name": "DSA-1283", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1283"}, {"name": "24606", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24606"}, {"name": "GLSA-200703-21", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"}, {"name": "25062", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25062"}, {"name": "3427", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/3427"}, {"name": "USN-455-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-455-1"}, {"name": "22862", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22862"}, {"name": "3426", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/3426"}, {"name": "25057", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25057"}, {"tags": ["x_refsource_MISC"], "url": "http://www.php-security.org/MOPB/MOPB-15-2007.html"}, {"name": "SUSE-SA:2007:032", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1376", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "25056", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25056"}, {"name": "32781", "refsource": "OSVDB", "url": "http://www.osvdb.org/32781"}, {"name": "DSA-1283", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1283"}, {"name": "24606", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24606"}, {"name": "GLSA-200703-21", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"}, {"name": "25062", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25062"}, {"name": "3427", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3427"}, {"name": "USN-455-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-455-1"}, {"name": "22862", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22862"}, {"name": "3426", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3426"}, {"name": "25057", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25057"}, {"name": "http://www.php-security.org/MOPB/MOPB-15-2007.html", "refsource": "MISC", "url": "http://www.php-security.org/MOPB/MOPB-15-2007.html"}, {"name": "SUSE-SA:2007:032", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:50:35.224Z"}, "title": "CVE Program Container", "references": [{"name": "25056", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25056"}, {"name": "32781", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/32781"}, {"name": "DSA-1283", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2007/dsa-1283"}, {"name": "24606", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24606"}, {"name": "GLSA-200703-21", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"}, {"name": "25062", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25062"}, {"name": "3427", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/3427"}, {"name": "USN-455-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-455-1"}, {"name": "22862", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22862"}, {"name": "3426", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/3426"}, {"name": "25057", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25057"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.php-security.org/MOPB/MOPB-15-2007.html"}, {"name": "SUSE-SA:2007:032", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1376", "datePublished": "2007-03-10T00:00:00", "dateReserved": "2007-03-09T00:00:00", "dateUpdated": "2024-08-07T12:50:35.224Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "EDBEC461-D553-41B7-8D85-20B6A933C21C", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*", "matchCriteriaId": "AEEF2298-98E8-409F-9205-84817CEF947B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "6AFC00BA-D64D-4407-AC69-FDD9FF013943", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "D80F2A8B-B57F-4970-867A-55E8187C1502", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "EF4E0EFE-4FF6-4E8F-8EC5-68B059FC0C42", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "49965B80-DC27-4864-BDF0-CBBFF16BFD80", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8212495A-0F2A-4787-93F2-F6618F9A777B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "C6F0F8FC-C57A-4AEA-A59F-41140347318A", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7BF57C14-86B6-419A-BAFF-93D01CB1E081", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "78BAA18C-E5A0-4210-B64B-709BBFF31EEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*", "matchCriteriaId": "419867C6-37BE-43B4-BFE0-6325FEE3807D", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*", "matchCriteriaId": "37896E87-95C2-4039-8362-BC03B1C56706", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "13A159B4-B847-47DE-B7F8-89384E6C551B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "57B59616-A309-40B4-94B1-50A7BC00E35C", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*", "matchCriteriaId": "8667FBC6-04B6-40E5-93B3-6C22BEED4B26", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0F39A1B1-416E-4436-8007-733B66904A14", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.4:patch1:*:*:*:*:*:*", "matchCriteriaId": "9B8B3138-3DCC-4682-B9A8-920E1110700D", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DD5FC218-3DDB-4981-81C9-6C69F8DA6F4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "FC2E5F96-66D2-4F99-A74D-6A2305EE218E", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "2D724D09-0D45-4701-93C9-348301217C8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "FC6A6F47-5C7C-4F82-B23B-9C959C69B27F", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*", "matchCriteriaId": "AE1A4DA6-6181-43A8-B0D8-5A016C3E75FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*", "matchCriteriaId": "6E36203C-1392-49BB-AE7E-49626963D673", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6713614A-B14E-4A85-BF89-ED780068FC68", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD95F8EB-B428-4B3C-9254-A5DECE03A989", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "069EB7EE-06B9-454F-9007-8DE5DCA33C53", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*", "matchCriteriaId": "BBA861A2-F0CD-4DBB-B43A-4970EB114DA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "18BF5BE6-09EA-45AD-93BF-2BEF1742534E", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC1460DF-1687-4314-BF1A-01290B20302D", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "470380B0-3982-48FC-871B-C8B43C81900D", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "9FAA7712-10F0-4BB6-BAFB-D0806AFD9DE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "63190D9B-7958-4B93-87C6-E7D5A572F6DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "7AB2E2E8-81D6-4973-AC0F-AA644EE99DD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4AAF4586-74FF-47C6-864B-656FDF3F33D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "B14EF0C7-61F2-47A4-B7F8-43FF03C62DCA", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "5245F990-B4A7-4ED8-909D-B8137CE79FAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "5652D5B0-68E4-4239-B9B7-599AFCF4C53E", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "57B71BB7-5239-4860-9100-8CABC3992D8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "72BD447A-4EED-482C-8F61-48FAD4FCF8BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "B3F9DF9D-15E5-4387-ABE3-A7583331A928", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "11579E5C-D7CF-46EE-B015-5F4185C174E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "C69CDE21-2FD4-4529-8F02-8709CF5E3D7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "221B9AC4-C63C-4386-B3BD-E4BC102C6124", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "78B7BA75-2A32-4A8E-ADF8-BCB4FC48CB5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "2BEA491B-77FD-4760-8F6F-3EBC6BD810D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB25CFBB-347C-479E-8853-F49DD6CBD7D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "4D2937B3-D034-400E-84F5-33833CE3764D", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "71AEE8B4-FCF8-483B-8D4C-2E80A02E925E", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4C2AF1D9-33B6-4B2C-9269-426B6B720164", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "0F9D7662-A5B6-41D0-B6A1-E5ABC5ABA47F", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E3797AB5-9E49-4251-A212-B6E5D9996764", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D61D9CE9-F7A3-4F52-9D4E-B2473804ECB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7007E77F-60EF-44D8-9676-15B59DF1325F", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "E727CECE-E452-489A-A42F-5A069D6AF80E", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "149A1FB8-593E-412B-8E1C-3E560301D500", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "5D6E8982-D7AE-4A52-8F7C-A4D59D2A2CA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "8FC144FA-8F84-44C0-B263-B639FEAD20FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "295907B4-C3DE-4021-BE3B-A8826D4379E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "DBC98F82-6E1D-4A89-8ED4-ECD9BD954EB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "B881352D-954E-4FC0-9E42-93D02A3F3089", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "17437AED-816A-4CCF-96DE-8C3D0CC8DB2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "74E7AE59-1CB0-4300-BBE0-109F909789EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9222821E-370F-4616-B787-CC22C2F4E7CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "9809449F-9A76-4318-B233-B4C2950A6EA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0AA962D4-A4EC-4DC3-B8A9-D10941B92781", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8CDFEF9-C367-4800-8A2F-375C261FAE55", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "16E43B88-1563-4EFD-9267-AE3E8C35D67A", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "11E5715F-A8BC-49EF-836B-BB78E1BC0790", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "5FA68843-158E-463E-B68A-1ACF041C4E10", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "1874F637-77E2-4C4A-BF92-AEE96A60BFB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "9592B32E-55CD-42D0-901E-8319823BC820", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "A9BF34B5-F74C-4D56-9841-42452D60CB87", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource."}, {"lang": "es", "value": "Las funciones shomp en PHP anterior a 4.4.5, y anterior a 5.2.1 en las series 5.x, no verifica que sus argumentos corresponden a un recurso shmop, lo caul permite a atacantes dependientes del contexto leer y escribir localizaciones de memoria de su elecci\u00f3n a trav\u00e9s de argumentos asociados con un recurso inapropiado, como se demostr\u00f3 con un recurso de imagen GD."}], "id": "CVE-2007-1376", "lastModified": "2024-11-21T00:28:09.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-03-10T00:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24606"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25056"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25057"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25062"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1283"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/32781"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.php-security.org/MOPB/MOPB-15-2007.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/22862"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-455-1"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3426"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3427"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24606"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25056"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25057"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25062"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1283"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/32781"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.php-security.org/MOPB/MOPB-15-2007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/22862"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-455-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/3426"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/3427"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "The PHP interpreter does not offer a reliable "sandboxed" security\nlayer (as found in, say, a JVM) in which untrusted scripts can be run;\nany script run by the PHP interpreter must be trusted with the\nprivileges of the interpreter itself. We therefore do not classify\nthis issue as security-sensitive since no trust boundary is crossed.\n", "lastModified": "2007-04-16T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object