Vulnerabilità: CVE-2007-2872

multiplo intero overflow nella funzione chunk_split in PHP 5 prima 5.2.3 e PHP 4 prima 4.4.8 permette agli aggressori remoti di provocare una negazione del servizio (blocco) o eseguire codice arbitrario tramite le (1) blocchi, (2) srclen, e (3) argomenti chunklen.


http://www.securityfocus.com/bid/24261
http://www.securityfocus.com/archive/1/470244/100/0/threaded
http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm
http://www.php.net/ChangeLog-4.php
http://www.php.net/releases/4_4_8.php
http://www.php.net/releases/5_2_3.php
https://issues.rpath.com/browse/RPL-1693
https://issues.rpath.com/browse/RPL-1702
https://launchpad.net/bugs/173043
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
http://www.securityfocus.com/archive/1/491693/100/0/threaded
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
http://www.securityfocus.com/archive/1/491693/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDKSA-2007:187
http://www.sec-consult.com/291.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.020.html
http://osvdb.org/36083
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9424
http://www.redhat.com/support/errata/RHSA-2007-0888.html
http://rhn.redhat.com/errata/RHSA-2007-0889.html
http://www.redhat.com/support/errata/RHSA-2007-0890.html
http://www.redhat.com/support/errata/RHSA-2007-0891.html
http://www.securitytracker.com/id?1018186
http://secunia.com/advisories/25456
http://secunia.com/advisories/25535
http://secunia.com/advisories/26048
http://secunia.com/advisories/26231
http://secunia.com/advisories/26838
http://secunia.com/advisories/26871
http://secunia.com/advisories/26895
http://secunia.com/advisories/26930
http://secunia.com/advisories/26967
http://secunia.com/advisories/27037
http://secunia.com/advisories/27102
http://secunia.com/advisories/27110
http://secunia.com/advisories/27351
http://secunia.com/advisories/27377
http://secunia.com/advisories/27545
http://secunia.com/advisories/27864
http://secunia.com/advisories/28318
http://secunia.com/advisories/28658
http://secunia.com/advisories/28750
http://secunia.com/advisories/28936
http://secunia.com/advisories/30040
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
http://www.trustix.org/errata/2007/0023/
https://usn.ubuntu.com/549-1/
http://www.ubuntu.com/usn/usn-549-2
http://www.vupen.com/english/advisories/2007/2061
http://www.vupen.com/english/advisories/2007/3386
http://www.vupen.com/english/advisories/2008/0059
http://www.vupen.com/english/advisories/2008/0398
https://exchange.xforce.ibmcloud.com/vulnerabilities/39398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872


E' possibile lasciare un commento come utenti registrati al sito, accedendo tramite social, account wordpress oppure come utenti anonimi. Nel caso in cui si desideri lasciare un commento come utenti anonimi si verrà avvisati via email di un'eventuale risposta solo se si inserisce l'indirizzo email (facoltativo). L'inserimento di qualsiasi dato nei campi dei commenti è totalmente facoltativo. Chiunque decida di inserire un qualsiasi dato accetta il trattamento di questi ultimi per i fini inerenti al servizio ovvero la risposta al commento e le comunicazioni strettamente necessarie.


Rispondi