Vulnerabilities > CVE-2007-2844 - Unspecified vulnerability in PHP

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
php
nessus
NVD
Published: 2007-05-24
Updated: 2024-11-21

Summary

PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access.

Vulnerable Configurations

Part Description Count
Application
Php
73

Nessus

NASL familyCGI abuses
NASL idPHP_5_2_0.NASL
descriptionAccording to its banner, the version of PHP 5.x installed on the remote host is older than 5.2. Such versions may be affected by several buffer overflows. To exploit these issues, an attacker would need the ability to upload an arbitrary PHP script on the remote server or to manipulate several variables processed by some PHP functions such as
last seen2020-06-01
modified2020-06-02
plugin id31649
published2008-03-25
reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/31649
titlePHP 5.x < 5.2 Multiple Vulnerabilities

Statements

contributorMark J Cox
lastmodified2007-05-29
organizationRed Hat
statementNot vulnerable. PHP is not built or supported in a multi-threaded environment in the packages distributed in Red Hat Enterprise Linux or Application Stack.

References