Executive Summary
Summary | |
---|---|
Title | PHP vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-362-1 | First vendor Publication | 2006-10-10 |
Vendor | Ubuntu | Last vendor Modification | 2006-10-10 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: Ubuntu 5.10: Ubuntu 6.06 LTS: After a standard system upgrade you need to restart Apache with sudo /etc/init.d/apache2 restart to effect the necessary changes. Details follow: The stripos() function did not check for invalidly long or empty haystack strings. In an application that uses this function on arbitrary untrusted data this could be exploited to crash the PHP interpreter. (CVE-2006-4485) An integer overflow was discovered in the PHP memory allocation handling. On 64-bit platforms, the "memory_limit" setting was not enforced correctly. A remote attacker could exploit this to cause a Denial of Service attack through memory exhaustion. (CVE-2006-4486) Maksymilian Arciemowicz discovered that security relevant configuration options like open_basedir and safe_mode (which can be configured in Apache's httpd.conf) could be bypassed and reset to their default value in php.ini by using the ini_restore() function. (CVE-2006-4625) Stefan Esser discovered that the ecalloc() function in the Zend engine did not check for integer overflows. This particularly affected the unserialize() function. In applications which unserialize untrusted user-defined data, this could be exploited to execute arbitrary code with the application's privileges. (CVE-2006-4812) |
Original Source
Url : http://www.ubuntu.com/usn/USN-362-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
50 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-06-21 | Name : PHP version smaller than 4.4.5 File : nvt/nopsec_php_4_4_5.nasl |
2012-06-21 | Name : PHP 5.1.x < 5.1.5 File : nvt/nopsec_php_5_1_5.nasl |
2012-06-21 | Name : PHP version smaller than 5.2.0 File : nvt/nopsec_php_5_2_0.nasl |
2009-10-10 | Name : SLES9: Security update for PHP File : nvt/sles9p5016480.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-287 File : nvt/gb_fedora_2007_287_php_fc5.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-455 File : nvt/gb_fedora_2007_455_php_fc5.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-526 File : nvt/gb_fedora_2007_526_php_fc5.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200610-14 (php) File : nvt/glsa_200610_14.nasl |
2008-09-04 | Name : FreeBSD Ports: php4, php5 File : nvt/freebsd_php40.nasl |
2008-09-04 | Name : FreeBSD Ports: php5 File : nvt/freebsd_php5.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1331-1 (php4) File : nvt/deb_1331_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
29603 | PHP ini_restore() Apache httpd.conf Options Bypass PHP contains a flaw that may allow a local user to bypass Apache configuration options. The issue is due to the ini_restore function resetting its value to the php.ini "Master Value" (default). This may allow an attacker to bypass the safe_mode and open_basedir restrictions. |
29510 | PHP unserialize() Function Array Handling Overflow PHP contains a flaw that may allow a remote attacker to elevate privileges. The issue is due to the unserialize PHP function not properly sanitizing user-supplied input. By passing a large value for the number of array elements, an attacker can trigger an integer overflow in the Zend Engine ecalloc function. This may allow the execution of arbitrary code. |
28717 | PHP stripos() Function Unspecified Issue |
28001 | PHP on 64-bit memory_limit Unspecified Issue |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2006-0730.nasl - Type : ACT_GATHER_INFO |
2012-01-11 | Name : Arbitrary code may be run on the remote server. File : php_4_3_0_zendengine.nasl - Type : ACT_GATHER_INFO |
2011-11-18 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_1_5.nasl - Type : ACT_GATHER_INFO |
2008-03-25 | Name : The remote web server uses a version of PHP that is affected by multiple buff... File : php_5_2_0.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-2152.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-362-1.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-2153.nasl - Type : ACT_GATHER_INFO |
2007-07-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1331.nasl - Type : ACT_GATHER_INFO |
2007-04-02 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_4_4_5.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-185.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_059.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-1024.nasl - Type : ACT_GATHER_INFO |
2006-12-16 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-162.nasl - Type : ACT_GATHER_INFO |
2006-10-31 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200610-14.nasl - Type : ACT_GATHER_INFO |
2006-10-10 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e329550b54f711dba5ae00508d6a62df.nasl - Type : ACT_GATHER_INFO |
2006-10-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0708.nasl - Type : ACT_GATHER_INFO |
2006-09-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0669.nasl - Type : ACT_GATHER_INFO |
2006-09-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0682.nasl - Type : ACT_GATHER_INFO |
2006-09-22 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0669.nasl - Type : ACT_GATHER_INFO |
2006-09-14 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_ea09c5df436211db81e1000e0c2e438a.nasl - Type : ACT_GATHER_INFO |
2006-07-17 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-122.nasl - Type : ACT_GATHER_INFO |
2003-02-18 | Name : Arbitrary code may be run on the remote server. File : php_4_3_0.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:03:51 |
|