9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.041 Low
EPSS
Percentile
92.1%
CentOS Errata and Security Advisory CESA-2006:0682-01
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.
A response-splitting issue was discovered in the PHP session handling. If
a remote attacker can force a carefully crafted session identifier to be
used, a cross-site-scripting or response-splitting attack could be
possible. (CVE-2006-3016)
A buffer overflow was discovered found in the PHP sscanf() function. If a
script used the sscanf() function with positional arguments in the format
string, a remote attacker sending a carefully crafted request could execute
arbitrary code as the ‘apache’ user. (CVE-2006-4020)
An integer overflow was discovered in the PHP wordwrap() and str_repeat()
functions. If a script running on a 64-bit server used either of these
functions on untrusted user data, a remote attacker sending a carefully
crafted request might be able to cause a heap overflow. (CVE-2006-4482)
An integer overflow was discovered in the PHP memory allocation handling.
On 64-bit platforms, the “memory_limit” setting was not enforced correctly,
which could allow a denial of service attack by a remote user. (CVE-2006-4486)
Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues. These packages also contain a
fix for a bug where certain input strings to the metaphone() function could
cause memory corruption.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-September/075447.html
Affected packages:
php
php-devel
php-imap
php-ldap
php-manual
php-mysql
php-odbc
php-pgsql
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | php | < 4.1.2-2.11 | php-4.1.2-2.11.i386.rpm |
CentOS | 2 | i386 | php-devel | < 4.1.2-2.11 | php-devel-4.1.2-2.11.i386.rpm |
CentOS | 2 | i386 | php-imap | < 4.1.2-2.11 | php-imap-4.1.2-2.11.i386.rpm |
CentOS | 2 | i386 | php-ldap | < 4.1.2-2.11 | php-ldap-4.1.2-2.11.i386.rpm |
CentOS | 2 | i386 | php-manual | < 4.1.2-2.11 | php-manual-4.1.2-2.11.i386.rpm |
CentOS | 2 | i386 | php-mysql | < 4.1.2-2.11 | php-mysql-4.1.2-2.11.i386.rpm |
CentOS | 2 | i386 | php-odbc | < 4.1.2-2.11 | php-odbc-4.1.2-2.11.i386.rpm |
CentOS | 2 | i386 | php-pgsql | < 4.1.2-2.11 | php-pgsql-4.1.2-2.11.i386.rpm |