#VU110468 Code Injection in PHP - CVE-2006-4812
Vulnerability identifier: #VU110468
Vulnerability risk: High
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID:
CWE-ID:
CWE-94
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
PHP
Universal components / Libraries /
Scripting languages
Vendor: PHP Group
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).
Mitigation
Install update from vendor's website.
Vulnerable software versions
PHP: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.1, 4.1.1, 4.1.2, 4.2, 4.2.1, 4.2.2, 4.2.3, 5, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6
External links
https://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162
https://lists.suse.com/archive/suse-security-announce/2006-Oct/0002.html
https://rhn.redhat.com/errata/RHSA-2006-0688.html
https://rhn.redhat.com/errata/RHSA-2006-0708.html
https://secunia.com/advisories/22280
https://secunia.com/advisories/22281
https://secunia.com/advisories/22300
https://secunia.com/advisories/22331
https://secunia.com/advisories/22338
https://secunia.com/advisories/22533
https://secunia.com/advisories/22538
https://secunia.com/advisories/22650
https://securityreason.com/securityalert/1691
https://securitytracker.com/id?1016984
https://support.avaya.com/elmodocs2/security/ASA-2006-223.htm
https://support.avaya.com/elmodocs2/security/ASA-2006-234.htm
https://www.gentoo.org/security/en/glsa/glsa-200610-14.xml
https://www.hardened-php.net/advisory_092006.133.html
https://www.hardened-php.net/files/CVE-2006-4812.patch
https://www.securityfocus.com/archive/1/448014/100/0/threaded
https://www.securityfocus.com/archive/1/448953/100/0/threaded
https://www.securityfocus.com/bid/20349
https://www.trustix.org/errata/2006/0055
https://www.ubuntu.com/usn/usn-362-1
https://www.vupen.com/english/advisories/2006/3922
https://exchange.xforce.ibmcloud.com/vulnerabilities/29362
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
