9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.317 Low
EPSS
Percentile
96.9%
CentOS Errata and Security Advisory CESA-2006:0669
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.
A response-splitting issue was discovered in the PHP session handling. If
a remote attacker can force a carefully crafted session identifier to be
used, a cross-site-scripting or response-splitting attack could be
possible. (CVE-2006-3016)
A buffer overflow was discovered in the PHP sscanf() function. If a script
used the sscanf() function with positional arguments in the format string,
a remote attacker sending a carefully crafted request could execute
arbitrary code as the ‘apache’ user. (CVE-2006-4020)
An integer overflow was discovered in the PHP wordwrap() and str_repeat()
functions. If a script running on a 64-bit server used either of these
functions on untrusted user data, a remote attacker sending a carefully
crafted request might be able to cause a heap overflow. (CVE-2006-4482)
A buffer overflow was discovered in the PHP gd extension. If a script was
set up to process GIF images from untrusted sources using the gd extension,
a remote attacker could cause a heap overflow. (CVE-2006-4484)
An integer overflow was discovered in the PHP memory allocation handling.
On 64-bit platforms, the “memory_limit” setting was not enforced correctly,
which could allow a denial of service attack by a remote user. (CVE-2006-4486)
Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues. These packages also contain a
fix for a bug where certain input strings to the metaphone() function could
cause memory corruption.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-September/075439.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075440.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075441.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075442.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075443.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075444.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075445.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075446.html
Affected packages:
php
php-devel
php-domxml
php-gd
php-imap
php-ldap
php-mbstring
php-mysql
php-ncurses
php-odbc
php-pear
php-pgsql
php-snmp
php-xmlrpc
Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0669
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | ia64 | php | < 4.3.2-36.ent | php-4.3.2-36.ent.ia64.rpm |
CentOS | 3 | ia64 | php-devel | < 4.3.2-36.ent | php-devel-4.3.2-36.ent.ia64.rpm |
CentOS | 3 | ia64 | php-imap | < 4.3.2-36.ent | php-imap-4.3.2-36.ent.ia64.rpm |
CentOS | 3 | ia64 | php-ldap | < 4.3.2-36.ent | php-ldap-4.3.2-36.ent.ia64.rpm |
CentOS | 3 | ia64 | php-mysql | < 4.3.2-36.ent | php-mysql-4.3.2-36.ent.ia64.rpm |
CentOS | 3 | ia64 | php-odbc | < 4.3.2-36.ent | php-odbc-4.3.2-36.ent.ia64.rpm |
CentOS | 3 | ia64 | php-pgsql | < 4.3.2-36.ent | php-pgsql-4.3.2-36.ent.ia64.rpm |
CentOS | 4 | ia64 | php | < 4.3.9-3.18 | php-4.3.9-3.18.ia64.rpm |
CentOS | 4 | ia64 | php-devel | < 4.3.9-3.18 | php-devel-4.3.9-3.18.ia64.rpm |
CentOS | 4 | ia64 | php-domxml | < 4.3.9-3.18 | php-domxml-4.3.9-3.18.ia64.rpm |