CVE-2007-1700

Name: CVE-2007-1700
Description: The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-1283-1, DTSA-39-1

The information below is based on the following data on fixed versions.

Package  Type    Release     Fixed Version      Urgency  Origin      Debian Bugs
php4     source  sarge       4:4.3.10-21
php4     source  etch        6:4.4.4-8+etch1
php4     source  (unstable)  6:4.4.4-9
php5     source  etch        5.2.0-8+etch3               DSA-1283-1
php5     source  lenny       5.2.0-10+lenny1             DTSA-39-1
php5     source  (unstable)  5.2.0-9

Notes

This was fixed as a side effect of previous security fixes; the
status as of DSA-1286 is noted as the fixed version. Likewise, the
oldstable version was fixed.
