CVE-2007-3806

Name	CVE-2007-3806
Description	The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1572-1, DSA-1578-1, DTSA-61-1
Debian Bugs	441433

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
php4	source	etch	6:4.4.4-8+etch6		DSA-1578-1
php4	source	(unstable)	(unfixed)
php5	source	etch	5.2.0-8+etch11		DSA-1572-1
php5	source	lenny	5.2.3-1+lenny1		DTSA-61-1
php5	source	(unstable)	5.2.4-1	medium		441433

Notes

[etch] - php5 <no-dsa> (requires malicious script)
[etch] - php4 <no-dsa> (requires malicious script)
[sarge] - php4 <no-dsa> (requires malicious script)