CVE-2007-2844: Race Condition

First published: Thu May 24 2007(Updated: )

PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
PHP PHP	=4.3.9
PHP PHP	=4.0-beta1
PHP PHP	=5.1.5
PHP PHP	=5.1.2
PHP PHP	=4.0-beta4
PHP PHP	=4.2.0
PHP PHP	=5.1.1
PHP PHP	=4.4.4
PHP PHP	=5.0.0-beta1
PHP PHP	=4.1.0
PHP PHP	=5.1.6
PHP PHP	=4.3.4
PHP PHP	=4.0.4
PHP PHP	=4.3.0
PHP PHP	=4.0.5
PHP PHP	=5.0-rc1
PHP PHP	=5.0.5
PHP PHP	=4.3.6
PHP PHP	=5.0.1
PHP PHP	=5.1.4
PHP PHP	=4.0.7-rc2
PHP PHP	=4.3.7
PHP PHP	=5.0.4
PHP PHP	=4.0.7-rc1
PHP PHP	=4.2.2
PHP PHP	=4.4.2
PHP PHP	=4.0-rc1
PHP PHP	=4.3.2
PHP PHP	=4.3.11
PHP PHP	=4.0.0
PHP PHP	=4.0.3-patch1
PHP PHP	=4.0.7
PHP PHP	=4.0.2
PHP PHP	=4.3.3
PHP PHP	=5.0-rc3
PHP PHP	=4.1.1
PHP PHP	=4.4.3
PHP PHP	=5.0.0-rc2
PHP PHP	=5.0.3
PHP PHP	=4.2.3
PHP PHP	=5.1.0
PHP PHP	=4.4.5
PHP PHP	=4.0.1-patch1
PHP PHP	=5.0.0-rc3
PHP PHP	=4.0
PHP PHP	=4.0-beta2
PHP PHP	=4.0.1-patch2
PHP PHP	=4.0.6
PHP PHP	=5.2.0
PHP PHP	=5.0-rc2
PHP PHP	=4.1.2
PHP PHP	=5.0.0-beta3
PHP PHP	=4.0.7-rc3
PHP PHP	=4.0-rc2
PHP PHP	=4.3.1
PHP PHP	=5.1.3
PHP PHP	=4.0-beta_4_patch1
PHP PHP	=4.4.0
PHP PHP	=4.3.10
PHP PHP	=4.2.1
PHP PHP	=5.0.0-rc1
PHP PHP	=4.0.4-patch1
PHP PHP	=4.0.1
PHP PHP	=5.0.2
PHP PHP	=4.4.6
PHP PHP	=4.4.1
PHP PHP	=4.0-beta3
PHP PHP	=4.0.3
PHP PHP	=5.0.0-beta4
PHP PHP	=5.0.0
PHP PHP	=4.3.8
PHP PHP	=4.3.5
PHP PHP	=5.0.0-beta2

Never miss a vulnerability like this again

Reference Links

collector/nvd-historical
collector/nvd-index
agent/severity
agent/author
agent/weakness
agent/references
agent/type
agent/event
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/php
canonical/php php
version/php php/4.3.9
version/php php/4.0-beta1
version/php php/5.1.5
version/php php/5.1.2
version/php php/4.0-beta4
version/php php/4.2.0
version/php php/5.1.1
version/php php/4.4.4
version/php php/5.0.0-beta1
version/php php/4.1.0
version/php php/5.1.6
version/php php/4.3.4
version/php php/4.0.4
version/php php/4.3.0
version/php php/4.0.5
version/php php/5.0-rc1
version/php php/5.0.5
version/php php/4.3.6
version/php php/5.0.1
version/php php/5.1.4
version/php php/4.0.7-rc2
version/php php/4.3.7
version/php php/5.0.4
version/php php/4.0.7-rc1
version/php php/4.2.2
version/php php/4.4.2
version/php php/4.0-rc1
version/php php/4.3.2
version/php php/4.3.11
version/php php/4.0.0
version/php php/4.0.3-patch1
version/php php/4.0.7
version/php php/4.0.2
version/php php/4.3.3
version/php php/5.0-rc3
version/php php/4.1.1
version/php php/4.4.3
version/php php/5.0.0-rc2
version/php php/5.0.3
version/php php/4.2.3
version/php php/5.1.0
version/php php/4.4.5
version/php php/4.0.1-patch1
version/php php/5.0.0-rc3
version/php php/4.0
version/php php/4.0-beta2
version/php php/4.0.1-patch2
version/php php/4.0.6
version/php php/5.2.0
version/php php/5.0-rc2
version/php php/4.1.2
version/php php/5.0.0-beta3
version/php php/4.0.7-rc3
version/php php/4.0-rc2
version/php php/4.3.1
version/php php/5.1.3
version/php php/4.0-beta_4_patch1
version/php php/4.4.0
version/php php/4.3.10
version/php php/4.2.1
version/php php/5.0.0-rc1
version/php php/4.0.4-patch1
version/php php/4.0.1
version/php php/5.0.2
version/php php/4.4.6
version/php php/4.4.1
version/php php/4.0-beta3
version/php php/4.0.3
version/php php/5.0.0-beta4
version/php php/5.0.0
version/php php/4.3.8
version/php php/4.3.5
version/php php/5.0.0-beta2

CVE-2007-2844: Race Condition

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact