Multiple vulnerabilities in PHP
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU110466
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2006-5706
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 5 - 5.1.5
CPE2.3- cpe:2.3:a:php_group:php:*:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.1.2:*:*:*:*:*:*:*
https://www.php.net/releases/5_2_0.php
https://www.ubuntu.com/usn/usn-375-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU110467
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2006-5465
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 5 - 5.1.5
CPE2.3- cpe:2.3:a:php_group:php:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.1.3:*:*:*:*:*:*:*
https:ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
https://docs.info.apple.com/article.html?artnum=304829
https://issues.rpath.com/browse/RPL-761
https://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
https://rhn.redhat.com/errata/RHSA-2006-0736.html
https://secunia.com/advisories/22653
https://secunia.com/advisories/22685
https://secunia.com/advisories/22688
https://secunia.com/advisories/22693
https://secunia.com/advisories/22713
https://secunia.com/advisories/22753
https://secunia.com/advisories/22759
https://secunia.com/advisories/22779
https://secunia.com/advisories/22881
https://secunia.com/advisories/22929
https://secunia.com/advisories/23139
https://secunia.com/advisories/23155
https://secunia.com/advisories/23247
https://secunia.com/advisories/24606
https://secunia.com/advisories/25047
https://security.gentoo.org/glsa/glsa-200703-21.xml
https://securitytracker.com/id?1017152
https://securitytracker.com/id?1017296
https://support.avaya.com/elmodocs2/security/ASA-2006-245.htm
https://www.cisco.com/en/US/products/products_security_response09186a008082c4fe.html
https://www.cisco.com/warp/public/707/cisco-air-20070425-http.shtml
https://www.debian.org/security/2006/dsa-1206
https://www.hardened-php.net/advisory_132006.138.html
https://www.mandriva.com/security/advisories?name=MDKSA-2006:196
https://www.novell.com/linux/security/advisories/2006_67_php.html
https://www.openpkg.com/security/advisories/OpenPKG-SA-2006.028.html
https://www.php.net/releases/5_2_0.php
https://www.redhat.com/support/errata/RHSA-2006-0730.html
https://www.redhat.com/support/errata/RHSA-2006-0731.html
https://www.securityfocus.com/archive/1/450431/100/0/threaded
https://www.securityfocus.com/archive/1/451098/100/0/threaded
https://www.securityfocus.com/archive/1/453024/100/0/threaded
https://www.securityfocus.com/bid/20879
https://www.trustix.org/errata/2006/0061/
https://www.turbolinux.com/security/2006/TLSA-2006-38.txt
https://www.ubuntu.com/usn/usn-375-1
https://www.us-cert.gov/cas/techalerts/TA06-333A.html
https://www.vupen.com/english/advisories/2006/4317
https://www.vupen.com/english/advisories/2006/4749
https://www.vupen.com/english/advisories/2006/4750
https://www.vupen.com/english/advisories/2007/1546
https://exchange.xforce.ibmcloud.com/vulnerabilities/29971
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10240
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU110476
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2006-4486
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to corrupt data.
Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 5.1.0 - 5.1.5
CPE2.3- cpe:2.3:a:php_group:php:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.1.5:*:*:*:*:*:*:*
https:ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
https://rhn.redhat.com/errata/RHSA-2006-0688.html
https://secunia.com/advisories/21546
https://secunia.com/advisories/22004
https://secunia.com/advisories/22069
https://secunia.com/advisories/22225
https://secunia.com/advisories/22331
https://secunia.com/advisories/22440
https://secunia.com/advisories/22487
https://secunia.com/advisories/22538
https://secunia.com/advisories/25945
https://securitytracker.com/id?1016984
https://support.avaya.com/elmodocs2/security/ASA-2006-221.htm
https://support.avaya.com/elmodocs2/security/ASA-2006-222.htm
https://support.avaya.com/elmodocs2/security/ASA-2006-223.htm
https://www.debian.org/security/2007/dsa-1331
https://www.hardened-php.net/hphp/changelog.html#hardening_patch_0.4.14
https://www.novell.com/linux/security/advisories/2006_52_php.html
https://www.php.net/ChangeLog-5.php#5.1.6
https://www.php.net/release_5_1_6.php
https://www.redhat.com/support/errata/RHSA-2006-0669.html
https://www.redhat.com/support/errata/RHSA-2006-0682.html
https://www.securityfocus.com/archive/1/447866/100/0/threaded
https://www.securityfocus.com/bid/19582
https://www.turbolinux.com/security/2006/TLSA-2006-38.txt
https://www.ubuntu.com/usn/usn-362-1
https://issues.rpath.com/browse/RPL-683
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11086
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
