Multiple vulnerabilities in PHP
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2006-2563 CVE-2006-1990 CVE-2006-1549 CVE-2006-0996 |
| CWE-ID | CWE-20 CWE-122 CWE-399 CWE-79 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. |
| Vulnerable software |
PHP Universal components / Libraries / Scripting languages |
| Vendor | PHP Group |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU110483
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2006-2563
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 4.4.2 - 5.1.4
CPE2.3 External linkshttps://secunia.com/advisories/20337
https://secunia.com/advisories/21050
https://secunia.com/advisories/21847
https://secunia.com/advisories/22039
https://securityreason.com/achievement_securityalert/39
https://securityreason.com/securityalert/959
https://securitytracker.com/id?1016175
https://www.mandriva.com/security/advisories?name=MDKSA-2006:122
https://www.novell.com/linux/security/advisories/2006_22_sr.html
https://www.novell.com/linux/security/advisories/2006_52_php.html
https://www.securityfocus.com/bid/18116
https://www.vupen.com/english/advisories/2006/2055
https://exchange.xforce.ibmcloud.com/vulnerabilities/26764
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Heap-based buffer overflow
EUVDB-ID: #VU110484
Risk: Medium
CVSSv4.0: N/A
CVE-ID: CVE-2006-1990
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing data within the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call. A remote attacker can pass a specially crafted file to the affected application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 4.4.2 - 5.1.2
CPE2.3 External linkshttps:ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
https://docs.info.apple.com/article.html?artnum=304829
https://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
https://rhn.redhat.com/errata/RHSA-2006-0549.html
https://secunia.com/advisories/19803
https://secunia.com/advisories/20052
https://secunia.com/advisories/20222
https://secunia.com/advisories/20269
https://secunia.com/advisories/20676
https://secunia.com/advisories/21031
https://secunia.com/advisories/21050
https://secunia.com/advisories/21125
https://secunia.com/advisories/21135
https://secunia.com/advisories/21252
https://secunia.com/advisories/21564
https://secunia.com/advisories/21723
https://secunia.com/advisories/22225
https://secunia.com/advisories/23155
https://security.gentoo.org/glsa/glsa-200605-08.xml
https://securitytracker.com/id?1015979
https://support.avaya.com/elmodocs2/security/ASA-2006-160.htm
https://support.avaya.com/elmodocs2/security/ASA-2006-175.htm
https://www.infigo.hr/en/in_focus/advisories/INFIGO-2006-04-02
https://www.mandriva.com/security/advisories?name=MDKSA-2006:091
https://www.mandriva.com/security/advisories?name=MDKSA-2006:122
https://www.novell.com/linux/security/advisories/2006_31_php.html
https://www.redhat.com/support/errata/RHSA-2006-0501.html
https://www.redhat.com/support/errata/RHSA-2006-0568.html
https://www.securityfocus.com/archive/1/447866/100/0/threaded
https://www.turbolinux.com/security/2006/TLSA-2006-38.txt
https://www.ubuntu.com/usn/usn-320-1
https://www.us-cert.gov/cas/techalerts/TA06-333A.html
https://www.vupen.com/english/advisories/2006/1500
https://www.vupen.com/english/advisories/2006/4750
https://exchange.xforce.ibmcloud.com/vulnerabilities/26001
https://issues.rpath.com/browse/RPL-683
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9696
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource management error
EUVDB-ID: #VU110486
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2006-1549
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to perform service disruption.
PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected. Upgrade to PHP 5.1.3-RC3
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 4.4.2 - 5.1.2
CPE2.3 External linkshttps://securityreason.com/achievement_securityalert/35
https://securityreason.com/securityalert/2312
https://securityreason.com/securityalert/676
https://securitytracker.com/id?1015880
https://www.osvdb.org/24485
https://www.php-security.org/MOPB/MOPB-02-2007.html
https://www.securityfocus.com/archive/1/430453/100/0/threaded
https://www.securityfocus.com/archive/1/430598/100/0/threaded
https://www.securityfocus.com/archive/1/430742/100/0/threaded
https://www.securityfocus.com/archive/1/431018/100/0/threaded
https://www.securityfocus.com/bid/22766
https://www.vupen.com/english/advisories/2006/1290
https://exchange.xforce.ibmcloud.com/vulnerabilities/25704
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Cross-site scripting
EUVDB-ID: #VU110489
Risk: Medium
CVSSv4.0: N/A
CVE-ID: CVE-2006-0996
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: Yes
DescriptionVulnerability allows a remote attacker to perform Cross-site scripting attacks.
An input validation error exists in phpinfo (info.c) in PHP 5.1.2 and 4.4.2. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 4.4.2 - 5.1.2
CPE2.3 External linkshttps:ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
https://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c
https://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261
https://marc.info/?l=php-cvs&m=114374620416389&w=2
https://rhn.redhat.com/errata/RHSA-2006-0276.html
https://rhn.redhat.com/errata/RHSA-2006-0549.html
https://secunia.com/advisories/19599
https://secunia.com/advisories/19775
https://secunia.com/advisories/19832
https://secunia.com/advisories/19979
https://secunia.com/advisories/20052
https://secunia.com/advisories/20210
https://secunia.com/advisories/20222
https://secunia.com/advisories/20951
https://secunia.com/advisories/21125
https://secunia.com/advisories/21252
https://secunia.com/advisories/21564
https://security.gentoo.org/glsa/glsa-200605-08.xml
https://securityreason.com/achievement_securityalert/34
https://securityreason.com/securityalert/675
https://securitytracker.com/id?1015879
https://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
https://support.avaya.com/elmodocs2/security/ASA-2006-160.htm
https://www.mandriva.com/security/advisories?name=MDKSA-2006:074
https://www.novell.com/linux/security/advisories/05-05-2006.html
https://www.osvdb.org/24484
https://www.php.net/ChangeLog-4.php#4.4.3
https://www.redhat.com/support/errata/RHSA-2006-0501.html
https://www.securityfocus.com/bid/17362
https://www.ubuntu.com/usn/usn-320-1
https://www.vupen.com/english/advisories/2006/1290
https://www.vupen.com/english/advisories/2006/2685
https://exchange.xforce.ibmcloud.com/vulnerabilities/25702
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10997
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
