Red Hat Bugzilla – Bug 239009
CVE-2007-1864 php libxmlrpc library overflow
Last modified: 2007-05-21 07:39:59 EDT
The PHP announcement on 20070503 included an issue which is a remotely
triggerable heap buffer overflow inside the bundled libxmlrpc library. Note
that this is the C xmlrpc library extension and most PHP applications
implementing XMLRPC would use the native-PHP xmlrpc code which is not affected
by this issue.
text "A heap buffer overflow flaw was found in the PHP 'xmlrpc' extension. A
PHP script which implements an XML-RPC server using this extension
could allow a remote attacker to execute arbitrary code as the 'apache'
user. Note that this flaw does not affect PHP applications using the
pure-PHP XML_RPC class provided in /usr/share/pear. (CVE-2007-1864)"
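
The text above separates PHP scripts that build an XML-RPC server on the C 'xmlrpc' extension from those using the pure-PHP PEAR XML_RPC class. The following is an added triage example, not part of the bug report or of PHP itself, that sorts PHP source into those two groups. The server-function subset and the sample scripts are assumptions made for illustration; the report does not name the affected function.

```python
import re

# Calls into PHP's C "xmlrpc" extension (not methods, variables or suffixes).
EXT_CALL = re.compile(r"(?<![\w>:$])(xmlrpc_[a-z_]+)\s*\(", re.IGNORECASE)
# Assumed subset used to build a server, the scenario the advisory describes.
SERVER_FUNCS = {"xmlrpc_server_create", "xmlrpc_server_call_method",
                "xmlrpc_server_register_method", "xmlrpc_decode_request"}
# Pure-PHP PEAR package: XML/RPC.php, XML/RPC/Server.php, XML_RPC_* classes.
PEAR_USE = re.compile(r"XML/RPC(?:/\w+)?\.php|\bXML_RPC_\w+")
# PHP comments (heuristic: comment markers inside strings are not handled).
COMMENTS = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.DOTALL)

def classify(src):
    """Return (verdict, [(line, kind, name), ...]) for one PHP source string."""
    # Blank out comments but keep newlines so line numbers stay correct.
    code = COMMENTS.sub(lambda m: "\n" * m.group().count("\n"), src)
    findings = []
    for lineno, line in enumerate(code.split("\n"), 1):
        for m in EXT_CALL.finditer(line):
            name = m.group(1).lower()
            kind = "ext-server" if name in SERVER_FUNCS else "ext-other"
            findings.append((lineno, kind, name))
        for m in PEAR_USE.finditer(line):
            findings.append((lineno, "pear", m.group(0)))
    kinds = {kind for _, kind, _ in findings}
    # Extension use outranks PEAR use when a file contains both.
    for kind, verdict in (("ext-server", "extension-server"),
                          ("ext-other", "extension-other"), ("pear", "pure-php")):
        if kind in kinds:
            return verdict, findings
    return "no-xmlrpc", findings

# Constructed sample scripts, not taken from any real application.
SAMPLE_EXT = """<?php
// server built on the C extension
$srv = xmlrpc_server_create();
xmlrpc_server_register_method($srv, 'ping', 'do_ping');
echo xmlrpc_server_call_method($srv, $HTTP_RAW_POST_DATA, null);
"""
SAMPLE_PEAR = """<?php
require_once 'XML/RPC/Server.php';
/* old code: xmlrpc_server_create(); */
$srv = new XML_RPC_Server(array('ping' => array('function' => 'do_ping')));
"""

if __name__ == "__main__":
    for label, src in (("ext", SAMPLE_EXT), ("pear", SAMPLE_PEAR)):
        print(label, *classify(src))
```

A verdict of "extension-server" marks scripts to prioritise for the updated php packages; "extension-other" means the extension is used in some other way and needs manual review.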