PHP STR_IReplace Remote Denial of Service Vulnerability

Bugtraq ID:	22505
Class:	Unknown
CVE:	CVE-2007-0911
Remote:	Yes
Local:	No
Published:	Feb 09 2007 12:00AM
Updated:	Mar 21 2007 12:04AM
Credit:	Thomas Hruska <thruska () cubiclesoft ! com> is credited with discovering this issue.
Vulnerable:	SuSE SUSE Linux Enterprise Server 8 + Linux kernel 2.4.21 + Linux kernel 2.4.19 SuSE SUSE Linux Enterprise Server 10 SuSE Linux Enterprise Server 9 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. openSUSE 10.2 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 10.1 PHP PHP 5.2.1 + Ubuntu Ubuntu Linux 7.04 sparc + Ubuntu Ubuntu Linux 7.04 powerpc + Ubuntu Ubuntu Linux 7.04 i386 + Ubuntu Ubuntu Linux 7.04 amd64 Gentoo Linux
Not Vulnerable:

PHP STR_IReplace Remote Denial of Service Vulnerability

PHP is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input.

An attacker who can run PHP code on a vulnerable computer may exploit this vulnerability to crash PHP and the webserver, denying service to legitimate users.

This issue affects PHP 5.2.1; other versions may also be vulnerable.

PHP STR_IReplace Remote Denial of Service Vulnerability

To exploit this issue, an attacker must be able to execute PHP code on a vulnerable webserver.

The following proof-of-concept script is available:

• /data/vulnerabilities/exploits/22505.php

PHP STR_IReplace Remote Denial of Service Vulnerability

References:

• SUSE-SA:2007:020 (SUSE)
  
• PHP 5.2.1 crash bug ([email protected] )