PMASA-2007-3
Announcement-ID: PMASA-2007-3
Date: 2007-03-02
Summary
PHP Executor Deep Recursion Stack Overflow
Description
Stefan Esser from the Hardened-PHP Project is publishing the Month of PHP Bugs. One of these PHP bugs can be triggered by phpMyAdmin which uses a recursive function in its normal operation.
Severity
We consider this vulnerability to be serious.
Affected Versions
All versions prior to 2.10.0.2.
Solution
Upgrade to phpMyAdmin 2.10.0.2 or newer. Note that upgrading phpMyAdmin does not protect a server against an attacker that targets other vulnerable PHP applications.
References
http://www.php-security.org/MOPB/MOPB-02-2007.html
Assigned CVE IDs: CVE-2007-1325
Patches
The following commits have been made to fix this issue:
More information
For further information and in case of questions, please contact the phpMyAdmin security team at security@phpmyadmin.net.