SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   PHP Vendors:   PHP Group
PHP Heap Overflows and Other Bugs Let Users Execute Arbitrary Code or Cause Denial of Service Conditions
SecurityTracker Alert ID:  1016984
SecurityTracker URL:  http://securitytracker.com/id/1016984
CVE Reference:   CVE-2006-4020, CVE-2006-4482, CVE-2006-4483, CVE-2006-4484, CVE-2006-4485, CVE-2006-4486, CVE-2006-4812   (Links to External Site)
Date:  Oct 5 2006
Impact:   Denial of service via local system, Denial of service via network, Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.x prior to 5.1.5
Description:   Several vulnerabilities were reported in PHP. A user may be able to execute arbitrary code on the target system. A user may be able to cause denial of service conditions.

In August 2006, the vendor reported several flaws in PHP that may allow a user or a remote user to execute arbitrary code on the target system.

A buffer overflow exists in the PHP sscanf() function [CVE-2006-4020]. A script that supplies specially crafted arguments to the sscanf() function to execute arbitrary code.

An integer overflow exists in the PHP wordwrap() and str_repeat() functions [CVE-2006-4482]. A script running on a 64-bit server can supply specially crafted data to either function to trigger a heap overflow and execute arbitrary code.

The 'ext/curl/interface.c' and 'ext/curl/streams.c' cURL extension files allow scripts to bypass certain safe_mode or open_basedir access restrictions [CVE-2006-4483]. This can be exploited via the CURLOPT_FOLLOWLOCATION option.

A buffer overflow exists in the PHP gd extension [CVE-2006-4484]. A user can supply a specially crafted GIF image to trigger a heap overflow and execute arbitrary code.

A buffer overread exists in the PHP stripos() function [CVE-2006-4485]. A script can supply specially crafted data to the stripos() function to cause PHP to read past the end of a buffer, which may cause denial of service conditions.

An integer overflow exists in the PHP memory allocation handling on 64-bit systems [CVE-2006-4486]. A script may be able to exceed the 'memory_limit' and cause denial of service conditions.

An integer overflow exists in the PHP memory handling routines [CVE-2006-4812]. A script may be able to execute arbitrary code.

Impact:   A user can execute arbitrary code on the target system.

A user can cause denial of service conditions on the target system.

Solution:   The vendor issued a fixed version (5.1.5) in August 2006, available at:

http://us2.php.net/downloads.php

Vendor URL:  php.net/releases/5_1_5.php (Links to External Site)
Cause:   Access control error, Boundary error, State error
Underlying OS:   Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 5 2006 (Red Hat Issues Fix) PHP Heap Overflows and Other Bugs Let Users Execute Arbitrary Code or Cause Denial of Service Conditions   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux 2.1.
Oct 5 2006 (Red Hat Issues Fix) PHP Heap Overflows and Other Bugs Let Users Execute Arbitrary Code or Cause Denial of Service Conditions   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Application Stack for Enterprise Linux 4.
Dec 11 2006 (Red Hat Issues Fix for Stronghold) PHP Heap Overflows and Other Bugs Let Users Execute Arbitrary Code or Cause Denial of Service Conditions
Red Hat has issued a fix for Red Hat Stronghold 4.0 for Enterprise Linux.
Feb 28 2008 (Red Hat Issues Fix for gd) PHP Heap Overflows and Other Bugs Let Users Execute Arbitrary Code or Cause Denial of Service Conditions   (bugzilla@redhat.com)
Red Hat has released a fix for gd for Red Hat Enterprise Linux 4 and 5.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC