Oracle Linux 4 : php (ELSA-2006-0730 / ELSA-2006-0669)
Published: 2013-07-12T00:00:00
ID: ORACLELINUX_ELSA-2006-0730.NASL
Type: nessus
Reporter: Tenable
Modified: 2013-07-14T00:00:00
Description
Updated PHP packages that fix a security issue are now available.
This update has been rated as having important security impact by the Red Hat Security Response Team.
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.
Users of PHP should upgrade to these updated packages which contain backported patches to correct these issues. These packages also contain a fix for a bug where certain input strings to the metaphone() function could cause memory corruption.
From Red Hat Security Advisory 2006:0730 :
The Hardened-PHP Project discovered an overflow in the PHP htmlentities() and htmlspecialchars() routines. If a PHP script used the vulnerable functions to parse UTF-8 data, a remote attacker sending a carefully crafted request could trigger the overflow and potentially execute arbitrary code as the 'apache' user. (CVE-2006-5465)
From Red Hat Security Advisory 2006:0669 :
A response-splitting issue was discovered in the PHP session handling. If a remote attacker can force a carefully crafted session identifier to be used, a cross-site-scripting or response-splitting attack could be possible. (CVE-2006-3016)
A buffer overflow was discovered in the PHP sscanf() function. If a script used the sscanf() function with positional arguments in the format string, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user. (CVE-2006-4020)
An integer overflow was discovered in the PHP wordwrap() and str_repeat() functions. If a script running on a 64-bit server used either of these functions on untrusted user data, a remote attacker sending a carefully crafted request might be able to cause a heap overflow. (CVE-2006-4482)
A buffer overflow was discovered in the PHP gd extension. If a script was set up to process GIF images from untrusted sources using the gd extension, a remote attacker could cause a heap overflow. (CVE-2006-4484)
An integer overflow was discovered in the PHP memory allocation handling. On 64-bit platforms, the 'memory_limit' setting was not enforced correctly, which could allow a denial of service attack by a remote user. (CVE-2006-4486)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisories ELSA-2006-0730 /
# ELSA-2006-0669.
#
include("compat.inc");
if (description)
{
  script_id(67421);
  script_version("$Revision: 1.2 $");
  script_cvs_date("$Date: 2013/07/14 23:36:28 $");

  script_cve_id("CVE-2006-3016", "CVE-2006-4020", "CVE-2006-4482", "CVE-2006-4484", "CVE-2006-4486", "CVE-2006-5465");
  script_osvdb_id(25253, 27824, 28001, 28002, 28003, 28004, 30178, 30179);
  script_xref(name:"RHSA", value:"2006:0669");
  script_xref(name:"RHSA", value:"2006:0730");

  script_name(english:"Oracle Linux 4 : php (ELSA-2006-0730 / ELSA-2006-0669)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Oracle Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated PHP packages that fix a security issue are now available.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.
Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues. These packages also contain
a fix for a bug where certain input strings to the metaphone() function
could cause memory corruption.
From Red Hat Security Advisory 2006:0730 :
The Hardened-PHP Project discovered an overflow in the PHP
htmlentities() and htmlspecialchars() routines. If a PHP script used
the vulnerable functions to parse UTF-8 data, a remote attacker
sending a carefully crafted request could trigger the overflow and
potentially execute arbitrary code as the 'apache' user.
(CVE-2006-5465)
From Red Hat Security Advisory 2006:0669 :
A response-splitting issue was discovered in the PHP session handling.
If a remote attacker can force a carefully crafted session identifier
to be used, a cross-site-scripting or response-splitting attack could
be possible. (CVE-2006-3016)
A buffer overflow was discovered in the PHP sscanf() function. If a
script used the sscanf() function with positional arguments in the
format string, a remote attacker sending a carefully crafted request
could execute arbitrary code as the 'apache' user. (CVE-2006-4020)
An integer overflow was discovered in the PHP wordwrap() and
str_repeat() functions. If a script running on a 64-bit server used
either of these functions on untrusted user data, a remote attacker
sending a carefully crafted request might be able to cause a heap
overflow. (CVE-2006-4482)
A buffer overflow was discovered in the PHP gd extension. If a script
was set up to process GIF images from untrusted sources using the gd
extension, a remote attacker could cause a heap overflow.
(CVE-2006-4484)
An integer overflow was discovered in the PHP memory allocation
handling. On 64-bit platforms, the 'memory_limit' setting was not
enforced correctly, which could allow a denial of service attack by a
remote user. (CVE-2006-4486)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2006-November/000016.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected php packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(119);

  script_set_attribute(attribute:"patch_publication_date", value:"2006/11/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-domxml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-ncurses");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pear");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/05/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013 Tenable Network Security, Inc.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
flag = 0;
if (rpm_check(release:"EL4", cpu:"i386", reference:"php-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"php-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"php-devel-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"php-devel-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"php-domxml-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"php-domxml-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"php-gd-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"php-gd-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"php-imap-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"php-imap-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"php-ldap-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"php-ldap-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"php-mbstring-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"php-mbstring-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"php-mysql-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"php-mysql-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"php-ncurses-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"php-ncurses-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"php-odbc-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"php-odbc-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"php-pear-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"php-pear-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"php-pgsql-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"php-pgsql-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"php-snmp-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"php-snmp-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"php-xmlrpc-4.3.9-3.22")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"php-xmlrpc-4.3.9-3.22")) flag++;
if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
"p-cpe:/a:oracle:linux:php-ncurses", "p-cpe:/a:oracle:linux:php-snmp", "p-cpe:/a:oracle:linux:php", "p-cpe:/a:oracle:linux:php-gd", "p-cpe:/a:oracle:linux:php-mysql", "p-cpe:/a:oracle:linux:php-xmlrpc", "p-cpe:/a:oracle:linux:php-pear", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:php-odbc", "p-cpe:/a:oracle:linux:php-pgsql"]}
{"result": {"cve": [{"id": "CVE-2006-4486", "type": "cve", "title": "CVE-2006-4486", "description": "Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction.", "published": "2006-08-31T17:04:00", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4486", "cvelist": ["CVE-2006-4486"], "lastseen": "2017-10-11T11:06:46"}, {"id": "CVE-2006-4484", "type": "cve", "title": "CVE-2006-4484", "description": "Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.", "published": "2006-08-31T17:04:00", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4484", "cvelist": ["CVE-2006-4484"], "lastseen": "2017-10-11T11:06:46"}, {"id": "CVE-2006-4020", "type": "cve", "title": "CVE-2006-4020", "description": "scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read.", "published": "2006-08-08T16:04:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4020", "cvelist": ["CVE-2006-4020"], "lastseen": "2017-10-11T11:06:44"}, {"id": "CVE-2006-3016", "type": "cve", "title": "CVE-2006-3016", "description": "Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to \"certain 
characters in session names,\" including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().", "published": "2006-06-14T19:02:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3016", "cvelist": ["CVE-2006-3016"], "lastseen": "2017-10-11T11:06:40"}, {"id": "CVE-2006-4482", "type": "cve", "title": "CVE-2006-4482", "description": "Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.", "published": "2006-08-31T17:04:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4482", "cvelist": ["CVE-2006-4482"], "lastseen": "2017-10-11T11:06:46"}, {"id": "CVE-2006-5465", "type": "cve", "title": "CVE-2006-5465", "description": "Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.", "published": "2006-11-03T19:07:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5465", "cvelist": ["CVE-2006-5465"], "lastseen": "2017-10-11T11:06:50"}], "osvdb": [{"id": "OSVDB:28001", "type": "osvdb", "title": "PHP on 64-bit memory_limit Unspecified Issue", "description": "## Solution 
Description\nUpgrade to version 4.4.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.php.net/\nVendor Specific News/Changelog Entry: http://www.php.net/release_4_4_4.php\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-362-1)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm)\n[Secunia Advisory ID:22440](https://secuniaresearch.flexerasoftware.com/advisories/22440/)\n[Secunia Advisory ID:25945](https://secuniaresearch.flexerasoftware.com/advisories/25945/)\n[Secunia Advisory ID:22004](https://secuniaresearch.flexerasoftware.com/advisories/22004/)\n[Secunia Advisory ID:22069](https://secuniaresearch.flexerasoftware.com/advisories/22069/)\n[Secunia Advisory ID:22225](https://secuniaresearch.flexerasoftware.com/advisories/22225/)\n[Secunia Advisory ID:22538](https://secuniaresearch.flexerasoftware.com/advisories/22538/)\n[Secunia Advisory ID:21546](https://secuniaresearch.flexerasoftware.com/advisories/21546/)\n[Secunia Advisory ID:22331](https://secuniaresearch.flexerasoftware.com/advisories/22331/)\n[Secunia Advisory ID:22487](https://secuniaresearch.flexerasoftware.com/advisories/22487/)\n[Related OSVDB ID: 27999](https://vulners.com/osvdb/OSVDB:27999)\n[Related OSVDB ID: 28002](https://vulners.com/osvdb/OSVDB:28002)\n[Related OSVDB ID: 28003](https://vulners.com/osvdb/OSVDB:28003)\n[Related OSVDB ID: 28000](https://vulners.com/osvdb/OSVDB:28000)\n[Related OSVDB ID: 28005](https://vulners.com/osvdb/OSVDB:28005)\nRedHat RHSA: RHSA-2006:0669\nRedHat RHSA: RHSA-2006:0682\nOther Advisory URL: https://issues.rpath.com/browse/RPL-683\nOther Advisory URL: 
http://www.us.debian.org/security/2007/dsa-1331\n[CVE-2006-4486](https://vulners.com/cve/CVE-2006-4486)\n", "published": "2006-08-17T04:49:07", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:28001", "cvelist": ["CVE-2006-4486"], "lastseen": "2017-04-28T13:20:12"}, {"id": "OSVDB:28002", "type": "osvdb", "title": "PHP GD Extension GIF Processing Overflow", "description": "## Solution Description\nUpgrade to version 4.4.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.php.net/\nVendor Specific News/Changelog Entry: http://www.php.net/release_4_4_4.php\nVendor Specific News/Changelog Entry: http://bugs.php.net/bug.php?id=38112\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-342-1)\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:162)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm)\n[Secunia Advisory ID:22440](https://secuniaresearch.flexerasoftware.com/advisories/22440/)\n[Secunia Advisory ID:22039](https://secuniaresearch.flexerasoftware.com/advisories/22039/)\n[Secunia Advisory ID:22069](https://secuniaresearch.flexerasoftware.com/advisories/22069/)\n[Secunia Advisory ID:22225](https://secuniaresearch.flexerasoftware.com/advisories/22225/)\n[Secunia Advisory ID:22538](https://secuniaresearch.flexerasoftware.com/advisories/22538/)\n[Secunia Advisory ID:21546](https://secuniaresearch.flexerasoftware.com/advisories/21546/)\n[Secunia Advisory ID:21768](https://secuniaresearch.flexerasoftware.com/advisories/21768/)\n[Secunia Advisory 
ID:21842](https://secuniaresearch.flexerasoftware.com/advisories/21842/)\n[Secunia Advisory ID:22487](https://secuniaresearch.flexerasoftware.com/advisories/22487/)\n[Related OSVDB ID: 27999](https://vulners.com/osvdb/OSVDB:27999)\n[Related OSVDB ID: 28003](https://vulners.com/osvdb/OSVDB:28003)\n[Related OSVDB ID: 28000](https://vulners.com/osvdb/OSVDB:28000)\n[Related OSVDB ID: 28001](https://vulners.com/osvdb/OSVDB:28001)\n[Related OSVDB ID: 28005](https://vulners.com/osvdb/OSVDB:28005)\nRedHat RHSA: RHSA-2006:0669\nOther Advisory URL: https://issues.rpath.com/browse/RPL-683\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Sep/0006.html\n[CVE-2006-4484](https://vulners.com/cve/CVE-2006-4484)\n", "published": "2006-08-17T04:49:07", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:28002", "cvelist": ["CVE-2006-4484"], "lastseen": "2017-04-28T13:20:12"}, {"id": "OSVDB:27824", "type": "osvdb", "title": "PHP sscanf() Function Argument Swapping Overflow", "description": "## Vulnerability Description\nPHP contains a flaw that may allow an attacker to gain elevated privileges. The issue is due to the sscanf() function not properly sanitizing user-supplied input. By providing an overly long string, an attacker can trigger a buffer overflow and execute arbitrary code.\n## Solution Description\nUpgrade to version 4.4.4, 5.1.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nPHP contains a flaw that may allow an attacker to gain elevated privileges. The issue is due to the sscanf() function not properly sanitizing user-supplied input. 
By providing an overly long string, an attacker can trigger a buffer overflow and execute arbitrary code.\n## References:\nVendor URL: http://www.php.net/\nVendor Specific News/Changelog Entry: http://bugs.php.net/bug.php?id=38322\nVendor Specific News/Changelog Entry: http://www.php.net/release_5_1_5.php\nVendor Specific News/Changelog Entry: http://us2.php.net/releases/4_4_4.php\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-342-1)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Aug/0006.html)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200608-28.xml)\n[Secunia Advisory ID:22440](https://secuniaresearch.flexerasoftware.com/advisories/22440/)\n[Secunia Advisory ID:21403](https://secuniaresearch.flexerasoftware.com/advisories/21403/)\n[Secunia Advisory ID:22039](https://secuniaresearch.flexerasoftware.com/advisories/22039/)\n[Secunia Advisory ID:22004](https://secuniaresearch.flexerasoftware.com/advisories/22004/)\n[Secunia Advisory ID:22069](https://secuniaresearch.flexerasoftware.com/advisories/22069/)\n[Secunia Advisory ID:22538](https://secuniaresearch.flexerasoftware.com/advisories/22538/)\n[Secunia Advisory ID:21467](https://secuniaresearch.flexerasoftware.com/advisories/21467/)\n[Secunia Advisory ID:21608](https://secuniaresearch.flexerasoftware.com/advisories/21608/)\n[Secunia Advisory ID:21683](https://secuniaresearch.flexerasoftware.com/advisories/21683/)\n[Secunia Advisory ID:21768](https://secuniaresearch.flexerasoftware.com/advisories/21768/)\n[Secunia Advisory ID:22487](https://secuniaresearch.flexerasoftware.com/advisories/22487/)\n[Secunia Advisory 
ID:23247](https://secuniaresearch.flexerasoftware.com/advisories/23247/)\nRedHat RHSA: RHSA-2006:0669\nRedHat RHSA: RHSA-2006:0682\nRedHat RHSA: RHSA-2006:0736\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:144\nOther Advisory URL: http://www.plain-text.info/sscanf_bug.txt\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Sep/0006.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0113.html\nFrSIRT Advisory: ADV-2006-3193\n[CVE-2006-4020](https://vulners.com/cve/CVE-2006-4020)\nBugtraq ID: 19415\n", "published": "2006-08-04T06:05:04", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:27824", "cvelist": ["CVE-2006-4020"], "lastseen": "2017-04-28T13:20:24"}, {"id": "OSVDB:28000", "type": "osvdb", "title": "PHP sscanf() Function Overflow", "description": "## Vulnerability Description\nPHP contains a flaw that may allow a context-dependent attacker to elevate privileges. The issue is due to the sscanf function in scanf.c not properly sanitizing user-supplied input. Passing a crafted string to this function may trigger a buffer over-read allowing the execution of arbitrary code.\n## Solution Description\nUpgrade to version 4.4.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nPHP contains a flaw that may allow a context-dependent attacker to elevate privileges. The issue is due to the sscanf function in scanf.c not properly sanitizing user-supplied input. 
Passing a crafted string to this function may trigger a buffer over-read allowing the execution of arbitrary code.\n## References:\nVendor URL: http://www.php.net/\nVendor Specific News/Changelog Entry: http://www.php.net/release_4_4_4.php\nVendor Specific News/Changelog Entry: http://bugs.php.net/bug.php?id=38322\n[Secunia Advisory ID:21546](https://secuniaresearch.flexerasoftware.com/advisories/21546/)\n[Secunia Advisory ID:23247](https://secuniaresearch.flexerasoftware.com/advisories/23247/)\n[Related OSVDB ID: 27999](https://vulners.com/osvdb/OSVDB:27999)\n[Related OSVDB ID: 28002](https://vulners.com/osvdb/OSVDB:28002)\n[Related OSVDB ID: 28003](https://vulners.com/osvdb/OSVDB:28003)\n[Related OSVDB ID: 28001](https://vulners.com/osvdb/OSVDB:28001)\n[Related OSVDB ID: 28005](https://vulners.com/osvdb/OSVDB:28005)\nRedHat RHSA: RHSA-2006:0736\n[CVE-2006-4020](https://vulners.com/cve/CVE-2006-4020)\n", "published": "2006-08-17T04:49:07", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:28000", "cvelist": ["CVE-2006-4020"], "lastseen": "2017-04-28T13:20:24"}, {"id": "OSVDB:25253", "type": "osvdb", "title": "PHP Session Name Unspecified Character Weakness", "description": "## Vulnerability Description\nPHP contains a flaw related to the use of unspecified unusual characters in session names. No further details have been provided.\n## Solution Description\nUpgrade to version 4.4.3, 5.1.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nPHP contains a flaw related to the use of unspecified unusual characters in session names. 
No further details have been provided.\n## References:\nVendor URL: http://www.php.net/\nVendor Specific News/Changelog Entry: http://www.php.net/release_4_4_3.php\nVendor Specific News/Changelog Entry: http://www.php.net/release_5_1_3.php\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:122)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc)\nSecurity Tracker: 1016306\n[Secunia Advisory ID:19927](https://secuniaresearch.flexerasoftware.com/advisories/19927/)\n[Secunia Advisory ID:22440](https://secuniaresearch.flexerasoftware.com/advisories/22440/)\n[Secunia Advisory ID:21050](https://secuniaresearch.flexerasoftware.com/advisories/21050/)\n[Secunia Advisory ID:22004](https://secuniaresearch.flexerasoftware.com/advisories/22004/)\n[Secunia Advisory ID:22069](https://secuniaresearch.flexerasoftware.com/advisories/22069/)\n[Secunia Advisory ID:22225](https://secuniaresearch.flexerasoftware.com/advisories/22225/)\n[Secunia Advisory ID:22487](https://secuniaresearch.flexerasoftware.com/advisories/22487/)\n[Secunia Advisory ID:23247](https://secuniaresearch.flexerasoftware.com/advisories/23247/)\n[Related OSVDB ID: 25254](https://vulners.com/osvdb/OSVDB:25254)\n[Related OSVDB ID: 25255](https://vulners.com/osvdb/OSVDB:25255)\nRedHat RHSA: RHSA-2006:0669\nRedHat RHSA: RHSA-2006:0682\nRedHat RHSA: RHSA-2006:0736\nOther Advisory URL: https://issues.rpath.com/browse/RPL-683\n[CVE-2006-3016](https://vulners.com/cve/CVE-2006-3016)\n", "published": "2006-05-01T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:25253", "cvelist": ["CVE-2006-3016"], "lastseen": "2017-04-28T13:20:22"}, {"id": "OSVDB:28003", "type": "osvdb", "title": "PHP on 64-bit str_repeat() Function Overflow", 
"description": "## Solution Description\nUpgrade to version 4.4.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.php.net/\nVendor Specific News/Changelog Entry: http://www.php.net/release_4_4_4.php\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-342-1)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm)\n[Secunia Advisory ID:22440](https://secuniaresearch.flexerasoftware.com/advisories/22440/)\n[Secunia Advisory ID:22713](https://secuniaresearch.flexerasoftware.com/advisories/22713/)\n[Secunia Advisory ID:22039](https://secuniaresearch.flexerasoftware.com/advisories/22039/)\n[Secunia Advisory ID:22004](https://secuniaresearch.flexerasoftware.com/advisories/22004/)\n[Secunia Advisory ID:22069](https://secuniaresearch.flexerasoftware.com/advisories/22069/)\n[Secunia Advisory ID:22225](https://secuniaresearch.flexerasoftware.com/advisories/22225/)\n[Secunia Advisory ID:22538](https://secuniaresearch.flexerasoftware.com/advisories/22538/)\n[Secunia Advisory ID:21546](https://secuniaresearch.flexerasoftware.com/advisories/21546/)\n[Secunia Advisory ID:21768](https://secuniaresearch.flexerasoftware.com/advisories/21768/)\n[Secunia Advisory ID:22487](https://secuniaresearch.flexerasoftware.com/advisories/22487/)\n[Related OSVDB ID: 27999](https://vulners.com/osvdb/OSVDB:27999)\n[Related OSVDB ID: 28004](https://vulners.com/osvdb/OSVDB:28004)\n[Related OSVDB ID: 28002](https://vulners.com/osvdb/OSVDB:28002)\n[Related OSVDB ID: 28000](https://vulners.com/osvdb/OSVDB:28000)\n[Related OSVDB ID: 28001](https://vulners.com/osvdb/OSVDB:28001)\n[Related OSVDB ID: 28005](https://vulners.com/osvdb/OSVDB:28005)\nRedHat 
RHSA: RHSA-2006:0669\nRedHat RHSA: RHSA-2006:0682\nOther Advisory URL: https://issues.rpath.com/browse/RPL-683\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Sep/0006.html\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1206\n[CVE-2006-4482](https://vulners.com/cve/CVE-2006-4482)\n", "published": "2006-08-17T04:49:07", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:28003", "cvelist": ["CVE-2006-4482"], "lastseen": "2017-04-28T13:20:12"}, {"id": "OSVDB:28004", "type": "osvdb", "title": "PHP on 64-bit wordwrap() Function Overflow", "description": "## Solution Description\nUpgrade to version 4.4.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.php.net/\nVendor Specific News/Changelog Entry: http://www.php.net/release_4_4_4.php\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-342-1)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm)\n[Secunia Advisory ID:22440](https://secuniaresearch.flexerasoftware.com/advisories/22440/)\n[Secunia Advisory ID:22713](https://secuniaresearch.flexerasoftware.com/advisories/22713/)\n[Secunia Advisory ID:22039](https://secuniaresearch.flexerasoftware.com/advisories/22039/)\n[Secunia Advisory ID:22004](https://secuniaresearch.flexerasoftware.com/advisories/22004/)\n[Secunia Advisory ID:22069](https://secuniaresearch.flexerasoftware.com/advisories/22069/)\n[Secunia Advisory ID:22225](https://secuniaresearch.flexerasoftware.com/advisories/22225/)\n[Secunia Advisory 
ID:22538](https://secuniaresearch.flexerasoftware.com/advisories/22538/)\n[Secunia Advisory ID:21546](https://secuniaresearch.flexerasoftware.com/advisories/21546/)\n[Secunia Advisory ID:21768](https://secuniaresearch.flexerasoftware.com/advisories/21768/)\n[Secunia Advisory ID:22487](https://secuniaresearch.flexerasoftware.com/advisories/22487/)\n[Related OSVDB ID: 27999](https://vulners.com/osvdb/OSVDB:27999)\n[Related OSVDB ID: 28002](https://vulners.com/osvdb/OSVDB:28002)\n[Related OSVDB ID: 28003](https://vulners.com/osvdb/OSVDB:28003)\n[Related OSVDB ID: 28000](https://vulners.com/osvdb/OSVDB:28000)\n[Related OSVDB ID: 28001](https://vulners.com/osvdb/OSVDB:28001)\n[Related OSVDB ID: 28005](https://vulners.com/osvdb/OSVDB:28005)\nRedHat RHSA: RHSA-2006:0669\nRedHat RHSA: RHSA-2006:0682\nOther Advisory URL: https://issues.rpath.com/browse/RPL-683\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Sep/0006.html\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1206\n[CVE-2006-4482](https://vulners.com/cve/CVE-2006-4482)\n", "published": "2006-08-17T04:49:07", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:28004", "cvelist": ["CVE-2006-4482"], "lastseen": "2017-04-28T13:20:12"}, {"id": "OSVDB:30179", "type": "osvdb", "title": "PHP htmlspecialchars() Function UTF-8 Input Overflow", "description": "## Solution Description\nUpgrade to version 5.2.0 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific Solution URL: http://support.veritas.com/docs/285984\nVendor Specific News/Changelog Entry: http://www.php.net/releases/5_2_0.php\n[Vendor Specific Advisory URL](http://www.us.debian.org/security/2006/dsa-1206)\n[Vendor Specific Advisory URL](http://www.trustix.org/errata/2006/0061/)\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-375-1)\n[Vendor Specific Advisory URL](https://issues.rpath.com/browse/RPL-761)\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=304829)\n[Vendor Specific Advisory URL](http://securityresponse.symantec.com/avcenter/security/Content/2006.11.28.html)\n[Vendor Specific Advisory URL](http://www.cisco.com/warp/public/707/cisco-sr-20070425-http.shtml)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-245.htm)\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:196)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P.asc)\n[Secunia Advisory ID:22653](https://secuniaresearch.flexerasoftware.com/advisories/22653/)\n[Secunia Advisory ID:22713](https://secuniaresearch.flexerasoftware.com/advisories/22713/)\n[Secunia Advisory ID:22759](https://secuniaresearch.flexerasoftware.com/advisories/22759/)\n[Secunia Advisory ID:22779](https://secuniaresearch.flexerasoftware.com/advisories/22779/)\n[Secunia Advisory ID:22929](https://secuniaresearch.flexerasoftware.com/advisories/22929/)\n[Secunia Advisory ID:23155](https://secuniaresearch.flexerasoftware.com/advisories/23155/)\n[Secunia Advisory ID:22685](https://secuniaresearch.flexerasoftware.com/advisories/22685/)\n[Secunia Advisory ID:22688](https://secuniaresearch.flexerasoftware.com/advisories/22688/)\n[Secunia Advisory ID:23139](https://secuniaresearch.flexerasoftware.com/advisories/23139/)\n[Secunia Advisory 
ID:24606](https://secuniaresearch.flexerasoftware.com/advisories/24606/)\n[Secunia Advisory ID:25047](https://secuniaresearch.flexerasoftware.com/advisories/25047/)\n[Secunia Advisory ID:22693](https://secuniaresearch.flexerasoftware.com/advisories/22693/)\n[Secunia Advisory ID:22753](https://secuniaresearch.flexerasoftware.com/advisories/22753/)\n[Secunia Advisory ID:22881](https://secuniaresearch.flexerasoftware.com/advisories/22881/)\n[Secunia Advisory ID:23247](https://secuniaresearch.flexerasoftware.com/advisories/23247/)\n[Related OSVDB ID: 30178](https://vulners.com/osvdb/OSVDB:30178)\nRedHat RHSA: RHSA-2006:0730\nRedHat RHSA: RHSA-2006:0736\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Nov/0004.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200703-21.xml\nOther Advisory URL: http://www.hardened-php.net/advisory_132006.138.html\nOther Advisory URL: http://www.cisco.com/warp/public/707/cisco-sr-20070425-http.shtml\nNews Article: http://news.com.com/Apple+Mac+OS+X+patch+plugs+31+vulnerabilities/2100-1002_3-6139117.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0574.html\n[CVE-2006-5465](https://vulners.com/cve/CVE-2006-5465)\nBugtraq ID: 20879\n", "published": "2006-11-02T13:03:48", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:30179", "cvelist": ["CVE-2006-5465"], "lastseen": "2017-04-28T13:20:26"}, {"id": "OSVDB:30178", "type": "osvdb", "title": "PHP htmlentities() Function UTF-8 Input Overflow", "description": "## Solution Description\nUpgrade to version 5.2.0 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific Solution URL: http://support.veritas.com/docs/285984\nVendor Specific News/Changelog Entry: http://www.php.net/releases/5_2_0.php\n[Vendor Specific Advisory URL](http://www.us.debian.org/security/2006/dsa-1206)\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-375-1)\n[Vendor Specific Advisory URL](https://issues.rpath.com/browse/RPL-761)\n[Vendor Specific Advisory URL](http://www.trustix.org/errata/2006/0061/)\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=304829)\n[Vendor Specific Advisory URL](http://securityresponse.symantec.com/avcenter/security/Content/2006.11.28.html)\n[Vendor Specific Advisory URL](http://www.cisco.com/warp/public/707/cisco-sr-20070425-http.shtml)\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:196)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-245.htm)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P.asc)\n[Secunia Advisory ID:22653](https://secuniaresearch.flexerasoftware.com/advisories/22653/)\n[Secunia Advisory ID:22713](https://secuniaresearch.flexerasoftware.com/advisories/22713/)\n[Secunia Advisory ID:22759](https://secuniaresearch.flexerasoftware.com/advisories/22759/)\n[Secunia Advisory ID:22779](https://secuniaresearch.flexerasoftware.com/advisories/22779/)\n[Secunia Advisory ID:22929](https://secuniaresearch.flexerasoftware.com/advisories/22929/)\n[Secunia Advisory ID:23155](https://secuniaresearch.flexerasoftware.com/advisories/23155/)\n[Secunia Advisory ID:22688](https://secuniaresearch.flexerasoftware.com/advisories/22688/)\n[Secunia Advisory ID:22685](https://secuniaresearch.flexerasoftware.com/advisories/22685/)\n[Secunia Advisory ID:23139](https://secuniaresearch.flexerasoftware.com/advisories/23139/)\n[Secunia Advisory 
ID:24606](https://secuniaresearch.flexerasoftware.com/advisories/24606/)\n[Secunia Advisory ID:25047](https://secuniaresearch.flexerasoftware.com/advisories/25047/)\n[Secunia Advisory ID:22693](https://secuniaresearch.flexerasoftware.com/advisories/22693/)\n[Secunia Advisory ID:22753](https://secuniaresearch.flexerasoftware.com/advisories/22753/)\n[Secunia Advisory ID:22881](https://secuniaresearch.flexerasoftware.com/advisories/22881/)\n[Secunia Advisory ID:23247](https://secuniaresearch.flexerasoftware.com/advisories/23247/)\n[Related OSVDB ID: 30179](https://vulners.com/osvdb/OSVDB:30179)\nRedHat RHSA: RHSA-2006:0730\nRedHat RHSA: RHSA-2006:0736\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Nov/0004.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200703-21.xml\nOther Advisory URL: http://www.hardened-php.net/advisory_132006.138.html\nOther Advisory URL: http://www.cisco.com/warp/public/707/cisco-sr-20070425-http.shtml\nNews Article: http://news.com.com/Apple+Mac+OS+X+patch+plugs+31+vulnerabilities/2100-1002_3-6139117.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0574.html\n[CVE-2006-5465](https://vulners.com/cve/CVE-2006-5465)\nBugtraq ID: 20879\n", "published": "2006-11-02T13:03:48", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:30178", "cvelist": ["CVE-2006-5465"], "lastseen": "2017-04-28T13:20:26"}], "openvas": [{"id": "OPENVAS:58452", "type": "openvas", "title": "Debian Security Advisory DSA 1331-1 (php4)", "description": "The remote host is missing an update to php4\nannounced via advisory DSA 1331-1.", "published": "2008-01-17T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=58452", "cvelist": ["CVE-2006-4486", "CVE-2006-0207", "CVE-2007-1864"], "lastseen": "2017-07-24T12:50:09"}, 
{"id": "OPENVAS:57375", "type": "openvas", "title": "FreeBSD Ports: php4, php5", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=57375", "cvelist": ["CVE-2006-4486", "CVE-2006-4483", "CVE-2006-4484", "CVE-2006-4485", "CVE-2006-4482", "CVE-2006-4481"], "lastseen": "2017-07-02T21:10:14"}, {"id": "OPENVAS:1361412562310110173", "type": "openvas", "title": "PHP Version < 5.2.0 Multiple Vulnerabilities", "description": "PHP version smaller than 5.2.0 suffers from multiple vulnerabilities.", "published": "2012-06-21T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310110173", "cvelist": ["CVE-2006-4486", "CVE-2007-2844", "CVE-2006-7205", "CVE-2006-2660", "CVE-2007-1381", "CVE-2007-1584", "CVE-2006-4625", "CVE-2007-0448", "CVE-2006-1015", "CVE-2006-4812", "CVE-2007-5424", "CVE-2006-1549", "CVE-2006-5465", "CVE-2006-5706", "CVE-2007-1888"], "lastseen": "2017-08-17T13:27:21"}, {"id": "OPENVAS:830491", "type": "openvas", "title": "Mandriva Update for gd MDVSA-2008:038 (gd)", "description": "Check for the Version of gd", "published": "2009-04-09T00:00:00", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=830491", "cvelist": ["CVE-2006-4484"], "lastseen": "2017-07-24T12:56:01"}, {"id": "OPENVAS:66007", "type": "openvas", "title": "SLES10: Security update for perl-Tk", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n perl-Tk\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "published": "2009-10-13T00:00:00", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=66007", "cvelist": ["CVE-2006-4484"], "lastseen": "2017-07-26T08:55:52"}, {"id": "OPENVAS:860643", "type": "openvas", "title": "Fedora Update for graphviz FEDORA-2008-1643", "description": "Check for the Version of graphviz", "published": "2009-02-16T00:00:00", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860643", "cvelist": ["CVE-2006-4484"], "lastseen": "2017-07-25T10:56:54"}, {"id": "OPENVAS:1361412562310830491", "type": "openvas", "title": "Mandriva Update for gd MDVSA-2008:038 (gd)", "description": "Check for the Version of gd", "published": "2009-04-09T00:00:00", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830491", "cvelist": ["CVE-2006-4484"], "lastseen": "2018-04-09T11:38:28"}, {"id": "OPENVAS:136141256231065420", "type": "openvas", "title": "SLES9: Security update for perl-Tk", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n perl-Tk\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021923 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065420", "cvelist": ["CVE-2006-4484"], "lastseen": "2018-04-06T11:38:41"}, {"id": "OPENVAS:65420", "type": "openvas", "title": "SLES9: Security update for perl-Tk", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n perl-Tk\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021923 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65420", "cvelist": ["CVE-2006-4484"], "lastseen": "2017-07-26T08:55:42"}, {"id": "OPENVAS:136141256231066007", "type": "openvas", "title": "SLES10: Security update for perl-Tk", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n perl-Tk\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "published": "2009-10-13T00:00:00", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066007", "cvelist": ["CVE-2006-4484"], "lastseen": "2018-04-06T11:39:13"}], "debian": [{"id": "DSA-1331", "type": "debian", "title": "php4 -- several vulnerabilities", "description": "Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2006-0207](<https://security-tracker.debian.org/tracker/CVE-2006-0207>)\n\nStefan Esser discovered HTTP response splitting vulnerabilities in the session extension. This only affects Debian 3.1 (Sarge).\n\n * [CVE-2006-4486](<https://security-tracker.debian.org/tracker/CVE-2006-4486>)\n\nStefan Esser discovered that an integer overflow in memory allocation routines allows the bypass of memory limit restrictions. This only affects Debian 3.1 (Sarge) on 64 bit architectures.\n\n * [CVE-2007-1864](<https://security-tracker.debian.org/tracker/CVE-2007-1864>)\n\nIt was discovered that a buffer overflow in the xmlrpc extension allows the execution of arbitrary code.\n\nFor the oldstable distribution (sarge) these problems have been fixed in version 4.3.10-22.\n\nFor the stable distribution (etch) these problems have been fixed in version 4.4.4-8+etch4.\n\nThe unstable distribution (sid) no longer contains php4.\n\nWe recommend that you upgrade your PHP packages. Sarge packages for hppa, mips and powerpc are not yet available, due to problems on the build hosts. 
They will be provided later.", "published": "2007-07-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-1331", "cvelist": ["CVE-2006-4486", "CVE-2006-0207", "CVE-2007-1864"], "lastseen": "2016-09-02T18:24:50"}, {"id": "DSA-1206", "type": "debian", "title": "php4 -- several vulnerabilities", "description": "Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2005-3353](<https://security-tracker.debian.org/tracker/CVE-2005-3353>)\n\nTim Starling discovered that missing input sanitising in the EXIF module could lead to denial of service.\n\n * [CVE-2006-3017](<https://security-tracker.debian.org/tracker/CVE-2006-3017>)\n\nStefan Esser discovered a security-critical programming error in the hashtable implementation of the internal Zend engine.\n\n * [CVE-2006-4482](<https://security-tracker.debian.org/tracker/CVE-2006-4482>)\n\nIt was discovered that str_repeat() and wordwrap() functions perform insufficient checks for buffer boundaries on 64 bit systems, which might lead to the execution of arbitrary code.\n\n * [CVE-2006-5465](<https://security-tracker.debian.org/tracker/CVE-2006-5465>)\n\nStefan Esser discovered a buffer overflow in the htmlspecialchars() and htmlentities(), which might lead to the execution of arbitrary code.\n\nFor the stable distribution (sarge) these problems have been fixed in version 4:4.3.10-18. 
Builds for hppa and m68k will be provided later once they are available.\n\nFor the unstable distribution (sid) these problems have been fixed in version 4:4.4.4-4 of php4 and version 5.1.6-6 of php5.\n\nWe recommend that you upgrade your php4 packages.", "published": "2006-11-06T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1206", "cvelist": ["CVE-2005-3353", "CVE-2006-3017", "CVE-2006-4482", "CVE-2006-5465"], "lastseen": "2016-09-02T18:29:20"}], "nessus": [{"id": "DEBIAN_DSA-1331.NASL", "type": "nessus", "title": "Debian DSA-1331-1 : php4 - several vulnerabilities", "description": "Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2006-0207 Stefan Esser discovered HTTP response splitting vulnerabilities in the session extension. This only affects Debian 3.1 (Sarge).\n\n - CVE-2006-4486 Stefan Esser discovered that an integer overflow in memory allocation routines allows the bypass of memory limit restrictions. 
This only affects Debian 3.1 (Sarge) on 64 bit architectures.\n\n - CVE-2007-1864 It was discovered that a buffer overflow in the xmlrpc extension allows the execution of arbitrary code.", "published": "2007-07-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=25678", "cvelist": ["CVE-2006-4486", "CVE-2006-0207", "CVE-2007-1864"], "lastseen": "2017-10-29T13:46:08"}, {"id": "CENTOS_RHSA-2006-0669.NASL", "type": "nessus", "title": "CentOS 3 / 4 : php (CESA-2006:0669)", "description": "Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.\n\nA response-splitting issue was discovered in the PHP session handling.\nIf a remote attacker can force a carefully crafted session identifier to be used, a cross-site-scripting or response-splitting attack could be possible. (CVE-2006-3016)\n\nA buffer overflow was discovered in the PHP sscanf() function. If a script used the sscanf() function with positional arguments in the format string, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user. (CVE-2006-4020)\n\nAn integer overflow was discovered in the PHP wordwrap() and str_repeat() functions. If a script running on a 64-bit server used either of these functions on untrusted user data, a remote attacker sending a carefully crafted request might be able to cause a heap overflow. (CVE-2006-4482)\n\nA buffer overflow was discovered in the PHP gd extension. 
If a script was set up to process GIF images from untrusted sources using the gd extension, a remote attacker could cause a heap overflow.\n(CVE-2006-4484)\n\nAn integer overflow was discovered in the PHP memory allocation handling. On 64-bit platforms, the 'memory_limit' setting was not enforced correctly, which could allow a denial of service attack by a remote user. (CVE-2006-4486)\n\nUsers of PHP should upgrade to these updated packages which contain backported patches to correct these issues. These packages also contain a fix for a bug where certain input strings to the metaphone() function could cause memory corruption.", "published": "2006-09-22T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=22423", "cvelist": ["CVE-2006-4486", "CVE-2006-4484", "CVE-2006-4020", "CVE-2006-3016", "CVE-2006-4482"], "lastseen": "2017-10-29T13:46:07"}, {"id": "UBUNTU_USN-362-1.NASL", "type": "nessus", "title": "Ubuntu 5.04 / 5.10 / 6.06 LTS : php4, php5 vulnerabilities (USN-362-1)", "description": "The stripos() function did not check for invalidly long or empty haystack strings. In an application that uses this function on arbitrary untrusted data this could be exploited to crash the PHP interpreter. (CVE-2006-4485)\n\nAn integer overflow was discovered in the PHP memory allocation handling. On 64-bit platforms, the 'memory_limit' setting was not enforced correctly. A remote attacker could exploit this to cause a Denial of Service attack through memory exhaustion. 
(CVE-2006-4486)\n\nMaksymilian Arciemowicz discovered that security relevant configuration options like open_basedir and safe_mode (which can be configured in Apache's httpd.conf) could be bypassed and reset to their default value in php.ini by using the ini_restore() function.\n(CVE-2006-4625)\n\nStefan Esser discovered that the ecalloc() function in the Zend engine did not check for integer overflows. This particularly affected the unserialize() function. In applications which unserialize untrusted user-defined data, this could be exploited to execute arbitrary code with the application's privileges. (CVE-2006-4812).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2007-11-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=27942", "cvelist": ["CVE-2006-4486", "CVE-2006-4625", "CVE-2006-4485", "CVE-2006-4812"], "lastseen": "2017-10-29T13:44:49"}, {"id": "REDHAT-RHSA-2006-0669.NASL", "type": "nessus", "title": "RHEL 3 / 4 : php (RHSA-2006:0669)", "description": "Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.\n\nA response-splitting issue was discovered in the PHP session handling.\nIf a remote attacker can force a carefully crafted session identifier to be used, a cross-site-scripting or response-splitting attack could be possible. (CVE-2006-3016)\n\nA buffer overflow was discovered in the PHP sscanf() function. 
If a script used the sscanf() function with positional arguments in the format string, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user. (CVE-2006-4020)\n\nAn integer overflow was discovered in the PHP wordwrap() and str_repeat() functions. If a script running on a 64-bit server used either of these functions on untrusted user data, a remote attacker sending a carefully crafted request might be able to cause a heap overflow. (CVE-2006-4482)\n\nA buffer overflow was discovered in the PHP gd extension. If a script was set up to process GIF images from untrusted sources using the gd extension, a remote attacker could cause a heap overflow.\n(CVE-2006-4484)\n\nAn integer overflow was discovered in the PHP memory allocation handling. On 64-bit platforms, the 'memory_limit' setting was not enforced correctly, which could allow a denial of service attack by a remote user. (CVE-2006-4486)\n\nUsers of PHP should upgrade to these updated packages which contain backported patches to correct these issues. 
These packages also contain a fix for a bug where certain input strings to the metaphone() function could cause memory corruption.", "published": "2006-09-22T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=22443", "cvelist": ["CVE-2006-4486", "CVE-2006-4484", "CVE-2006-4020", "CVE-2006-3016", "CVE-2006-4482"], "lastseen": "2017-10-29T13:33:21"}, {"id": "REDHAT-RHSA-2006-0682.NASL", "type": "nessus", "title": "RHEL 2.1 : php (RHSA-2006:0682)", "description": "Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.\n\nA response-splitting issue was discovered in the PHP session handling.\nIf a remote attacker can force a carefully crafted session identifier to be used, a cross-site-scripting or response-splitting attack could be possible. (CVE-2006-3016)\n\nA buffer overflow was discovered in the PHP sscanf() function.\nIf a script used the sscanf() function with positional arguments in the format string, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user.\n(CVE-2006-4020)\n\nAn integer overflow was discovered in the PHP wordwrap() and str_repeat() functions. If a script running on a 64-bit server used either of these functions on untrusted user data, a remote attacker sending a carefully crafted request might be able to cause a heap overflow. (CVE-2006-4482)\n\nAn integer overflow was discovered in the PHP memory allocation handling. On 64-bit platforms, the 'memory_limit' setting was not enforced correctly, which could allow a denial of service attack by a remote user. 
(CVE-2006-4486)\n\nUsers of PHP should upgrade to these updated packages which contain backported patches to correct these issues. These packages also contain a fix for a bug where certain input strings to the metaphone() function could cause memory corruption.", "published": "2006-09-22T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=22444", "cvelist": ["CVE-2006-4486", "CVE-2006-4020", "CVE-2006-3016", "CVE-2006-4482"], "lastseen": "2017-10-29T13:40:08"}, {"id": "FREEBSD_PKG_EA09C5DF436211DB81E1000E0C2E438A.NASL", "type": "nessus", "title": "FreeBSD : php -- multiple vulnerabilities (ea09c5df-4362-11db-81e1-000e0c2e438a)", "description": "The PHP development team reports :\n\n- Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions.\n\n- Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems.\n\n- Fixed possible open_basedir/safe_mode bypass in cURL extension and with realpath cache.\n\n- Fixed overflow in GD extension on invalid GIF images.\n\n- Fixed a buffer overflow inside sscanf() function.\n\n- Fixed an out of bounds read inside stripos() function.\n\n- Fixed memory_limit restriction on 64 bit system.", "published": "2006-09-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=22343", "cvelist": ["CVE-2006-4486", "CVE-2006-4483", "CVE-2006-4484", "CVE-2006-4485", "CVE-2006-4482", "CVE-2006-4481"], "lastseen": "2017-10-29T13:37:59"}, {"id": "PHP_5_2_0.NASL", "type": "nessus", "title": "PHP 5.x < 5.2 Multiple Vulnerabilities", "description": "According to its banner, the version of PHP 5.x installed on the remote host is older than 5.2. Such versions may be affected by several buffer overflows. 
\n\nTo exploit these issues, an attacker would need the ability to upload an arbitrary PHP script on the remote server or to manipulate several variables processed by some PHP functions such as 'htmlentities().'", "published": "2008-03-25T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31649", "cvelist": ["CVE-2006-4486", "CVE-2007-2844", "CVE-2006-7205", "CVE-2006-2660", "CVE-2007-1381", "CVE-2007-1584", "CVE-2006-4625", "CVE-2007-0448", "CVE-2006-1015", "CVE-2006-4812", "CVE-2007-5424", "CVE-2006-1549", "CVE-2006-5465", "CVE-2006-5706", "CVE-2007-1888"], "lastseen": "2017-10-29T13:39:54"}, {"id": "MANDRAKE_MDKSA-2006-122.NASL", "type": "nessus", "title": "Mandrake Linux Security Advisory : php (MDKSA-2006:122)", "description": "Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function. One instance in gd_io_dp.c does not appear to be corrected in the embedded copy of GD used in php to build the php-gd package. (CVE-2004-0941)\n\nInteger overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx() function.\nPHP, as packaged in Mandriva Linux, contains an embedded copy of the GD library, used to build the php-gd package. 
(CVE-2004-0990)\n\nThe c-client library 2000, 2001, or 2004 for PHP 3.x, 4.x, and 5.x, when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions. (CVE-2006-1017)\n\nInteger overflow in the wordwrap function in string.c in might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396. (CVE-2006-1990) The previous update for this issue did not resolve the issue on 64bit platforms.\n\nThe cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing nul characters. (CVE-2006-2563)\n\nBuffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename. (CVE-2006-2660)\n\nThe LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop. PHP, as packaged in Mandriva Linux, contains an embedded copy of the GD library, used to build the php-gd package. (CVE-2006-2906)\n\nThe error_log function in PHP allows local users to bypass safe mode and open_basedir restrictions via a 'php://' or other scheme in the third argument, which disables safe mode. 
(CVE-2006-3011)\n\nAn unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to 'certain characters in session names', including special characters that are frequently associated with CRLF injection, SQL injection, and cross-site scripting (XSS) vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().\n(CVE-2006-3016)\n\nAn unspecified vulnerability in PHP before 5.1.3 can prevent a variable from being unset even when the unset function is called, which might cause the variable's value to be used in security-relevant operations. (CVE-2006-3017)\n\nAn unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption. (CVE-2006-3018)\n\nMultiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990. (CVE-2006-4482)\n\nThe cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache. (CVE-2006-4483)\n\nUnspecified vulnerability in PHP before 5.1.6, when running on a 64-bit system, has unknown impact and attack vectors related to the memory_limit restriction. (CVE-2006-4486)\n\nThe GD related issues (CVE-2004-0941, CVE-2004-0990, CVE-2006-2906) affect only Corporate 3 and Mandrake Network Firewall 2.\n\nThe php-curl issues (CVE-2006-2563, CVE-2006-4483) affect only Mandriva 2006.0.\n\nUpdated packages have been patched to address all these issues. 
Once these packages have been installed, you will need to restart Apache (service httpd restart) in order for the changes to take effect.", "published": "2006-07-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=22053", "cvelist": ["CVE-2006-4486", "CVE-2006-2563", "CVE-2006-3011", "CVE-2006-4483", "CVE-2006-1990", "CVE-2006-2660", "CVE-2006-3017", "CVE-2004-0990", "CVE-2004-0941", "CVE-2006-2906", "CVE-2006-3016", "CVE-2006-1017", "CVE-2006-1991", "CVE-2006-3018", "CVE-2006-4482"], "lastseen": "2017-10-29T13:44:39"}, {"id": "FEDORA_2008-1643.NASL", "type": "nessus", "title": "Fedora 7 : graphviz-2.12-10.fc7 (2008-1643)", "description": "Rebuilt to utilize system gd instead of internal copy.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-02-14T00:00:00", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31079", "cvelist": ["CVE-2006-4484"], "lastseen": "2017-10-29T13:45:13"}, {"id": "MANDRIVA_MDVSA-2008-077.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : perl-Tk (MDVSA-2008:077)", "description": "A vulnerability in perl-Tk was found where specially crafted GIF images could crash perl-Tk (an identical issue to that found in php-gd, gd, and SDL_image).\n\nThe updated packages have been patched to correct this issue.", "published": "2009-04-23T00:00:00", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=36248", "cvelist": ["CVE-2006-4484"], "lastseen": "2017-10-29T13:37:04"}], "ubuntu": [{"id": 
"USN-362-1", "type": "ubuntu", "title": "PHP vulnerabilities", "description": "The stripos() function did not check for invalidly long or empty haystack strings. In an application that uses this function on arbitrary untrusted data this could be exploited to crash the PHP interpreter. (CVE-2006-4485)\n\nAn integer overflow was discovered in the PHP memory allocation handling. On 64-bit platforms, the \u201cmemory_limit\u201d setting was not enforced correctly. A remote attacker could exploit this to cause a Denial of Service attack through memory exhaustion. (CVE-2006-4486)\n\nMaksymilian Arciemowicz discovered that security relevant configuration options like open_basedir and safe_mode (which can be configured in Apache\u2019s httpd.conf) could be bypassed and reset to their default value in php.ini by using the ini_restore() function. (CVE-2006-4625)\n\nStefan Esser discovered that the ecalloc() function in the Zend engine did not check for integer overflows. This particularly affected the unserialize() function. In applications which unserialize untrusted user-defined data, this could be exploited to execute arbitrary code with the application\u2019s privileges. (CVE-2006-4812)", "published": "2006-10-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/362-1/", "cvelist": ["CVE-2006-4486", "CVE-2006-4625", "CVE-2006-4485", "CVE-2006-4812"], "lastseen": "2018-03-29T18:18:52"}, {"id": "USN-342-1", "type": "ubuntu", "title": "PHP vulnerabilities", "description": "The sscanf() function did not properly check array boundaries. In applications which use sscanf() with argument swapping, a remote attacker could potentially exploit this to crash the affected web application or even execute arbitrary code with the application\u2019s privileges. 
(CVE-2006-4020)\n\nThe file_exists() and imap_reopen() functions did not perform proper open_basedir and safe_mode checks which could allow local scripts to bypass intended restrictions. (CVE-2006-4481)\n\nOn 64 bit systems the str_repeat() and wordwrap() functions did not properly check buffer boundaries. Depending on the application, this could potentially be exploited to execute arbitrary code with the applications\u2019 privileges. This only affects the amd64 and sparc platforms. (CVE-2006-4482)\n\nA buffer overflow was discovered in the LWZReadByte_() function of the GIF image file parser. By tricking a PHP application into processing a specially crafted GIF image, a remote attacker could exploit this to execute arbitrary code with the application\u2019s privileges. (CVE-2006-4484)", "published": "2006-09-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/342-1/", "cvelist": ["CVE-2006-4484", "CVE-2006-4020", "CVE-2006-4482", "CVE-2006-4481"], "lastseen": "2018-03-29T18:21:21"}, {"id": "USN-320-1", "type": "ubuntu", "title": "PHP vulnerabilities", "description": "The phpinfo() PHP function did not properly sanitize long strings. A remote attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo(). Please note that it is not recommended to publicly expose phpinfo(). (CVE-2006-0996)\n\nAn information disclosure has been reported in the html_entity_decode() function. A script which uses this function to process arbitrary user-supplied input could be exploited to expose a random part of memory, which could potentially reveal sensitive data. (CVE-2006-1490)\n\nThe wordwrap() function did not sufficiently check the validity of the \u2018break\u2019 argument. 
An attacker who could control the string passed to the \u2018break\u2019 parameter could cause a heap overflow; however, this should not happen in practical applications. (CVE-2006-1990)\n\nThe substr_compare() function did not sufficiently check the validity of the \u2018offset\u2019 argument. A script which passes untrusted user-defined values to this parameter could be exploited to crash the PHP interpreter. (CVE-2006-1991)\n\nIn certain situations, using unset() to delete a hash entry could cause the deletion of the wrong element, which would leave the specified variable defined. This could potentially cause information disclosure in security-relevant operations. (CVE-2006-3017)\n\nIn certain situations the session module attempted to close a data file twice, which led to memory corruption. This could potentially be exploited to crash the PHP interpreter, though that could not be verified. (CVE-2006-3018)\n\nThis update also fixes various bugs which allowed local scripts to bypass open_basedir and \u2018safe mode\u2019 restrictions by passing special arguments to tempnam() (CVE-2006-1494, CVE-2006-2660), copy() (CVE-2006-1608), the curl module (CVE-2006-2563), or error_log() (CVE-2006-3011).", "published": "2006-07-19T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/320-1/", "cvelist": ["CVE-2006-2563", "CVE-2006-3011", "CVE-2006-0996", "CVE-2006-1990", "CVE-2006-2660", "CVE-2006-3017", "CVE-2006-3016", "CVE-2006-1991", "CVE-2006-1608", "CVE-2006-3018", "CVE-2006-1490", "CVE-2006-1494"], "lastseen": "2018-03-29T18:17:18"}, {"id": "USN-375-1", "type": "ubuntu", "title": "PHP vulnerability", "description": "Stefan Esser discovered two buffer overflows in the htmlentities() and htmlspecialchars() functions. 
By supplying specially crafted input to PHP applications which process that input with these functions, a remote attacker could potentially exploit this to execute arbitrary code with the privileges of the application. (CVE-2006-5465)\n\nThis update also fixes bugs in the chdir() and tempnam() functions, which did not perform proper open_basedir checks. This could allow local scripts to bypass intended restrictions.", "published": "2006-11-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/375-1/", "cvelist": ["CVE-2006-5465", "CVE-2006-5706"], "lastseen": "2018-03-29T18:20:03"}], "centos": [{"id": "CESA-2006:0682-01", "type": "centos", "title": "php security update", "description": "**CentOS Errata and Security Advisory** CESA-2006:0682-01\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server.\r\n\r\nA response-splitting issue was discovered in the PHP session handling. If\r\na remote attacker can force a carefully crafted session identifier to be\r\nused, a cross-site-scripting or response-splitting attack could be\r\npossible. (CVE-2006-3016)\r\n\r\nA buffer overflow was discovered in the PHP sscanf() function. If a\r\nscript used the sscanf() function with positional arguments in the format\r\nstring, a remote attacker sending a carefully crafted request could execute\r\narbitrary code as the 'apache' user. (CVE-2006-4020)\r\n\r\nAn integer overflow was discovered in the PHP wordwrap() and str_repeat()\r\nfunctions. If a script running on a 64-bit server used either of these\r\nfunctions on untrusted user data, a remote attacker sending a carefully\r\ncrafted request might be able to cause a heap overflow. (CVE-2006-4482)\r\n\r\nAn integer overflow was discovered in the PHP memory allocation handling. 
\r\nOn 64-bit platforms, the \"memory_limit\" setting was not enforced correctly,\r\nwhich could allow a denial of service attack by a remote user. (CVE-2006-4486)\r\n\r\nUsers of PHP should upgrade to these updated packages which contain\r\nbackported patches to correct these issues. These packages also contain a\r\nfix for a bug where certain input strings to the metaphone() function could\r\ncause memory corruption.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013285.html\n\n**Affected packages:**\nphp\nphp-devel\nphp-imap\nphp-ldap\nphp-manual\nphp-mysql\nphp-odbc\nphp-pgsql\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "published": "2006-09-25T01:32:16", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2006-September/013285.html", "cvelist": ["CVE-2006-4486", "CVE-2006-4020", "CVE-2006-3016", "CVE-2006-4482"], "lastseen": "2018-01-24T23:00:26"}, {"id": "CESA-2006:0669", "type": "centos", "title": "php security update", "description": "**CentOS Errata and Security Advisory** CESA-2006:0669\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server.\r\n\r\nA response-splitting issue was discovered in the PHP session handling. If\r\na remote attacker can force a carefully crafted session identifier to be\r\nused, a cross-site-scripting or response-splitting attack could be\r\npossible. (CVE-2006-3016)\r\n\r\nA buffer overflow was discovered in the PHP sscanf() function. If a script\r\nused the sscanf() function with positional arguments in the format string,\r\na remote attacker sending a carefully crafted request could execute\r\narbitrary code as the 'apache' user. (CVE-2006-4020)\r\n\r\nAn integer overflow was discovered in the PHP wordwrap() and str_repeat()\r\nfunctions. 
If a script running on a 64-bit server used either of these\r\nfunctions on untrusted user data, a remote attacker sending a carefully\r\ncrafted request might be able to cause a heap overflow. (CVE-2006-4482)\r\n\r\nA buffer overflow was discovered in the PHP gd extension. If a script was\r\nset up to process GIF images from untrusted sources using the gd extension,\r\na remote attacker could cause a heap overflow. (CVE-2006-4484)\r\n\r\nAn integer overflow was discovered in the PHP memory allocation handling. \r\nOn 64-bit platforms, the \"memory_limit\" setting was not enforced correctly,\r\nwhich could allow a denial of service attack by a remote user. (CVE-2006-4486)\r\n\r\nUsers of PHP should upgrade to these updated packages which contain\r\nbackported patches to correct these issues. These packages also contain a\r\nfix for a bug where certain input strings to the metaphone() function could\r\ncause memory corruption.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013277.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013278.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013279.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013280.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013281.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013282.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013283.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013284.html\n\n**Affected packages:**\nphp\nphp-devel\nphp-domxml\nphp-gd\nphp-imap\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-ncurses\nphp-odbc\nphp-pear\nphp-pgsql\nphp-snmp\nphp-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0669.html", "published": "2006-09-21T11:36:12", "cvss": {"score": 9.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2006-September/013277.html", "cvelist": ["CVE-2006-4486", "CVE-2006-4484", "CVE-2006-4020", "CVE-2006-3016", "CVE-2006-4482"], "lastseen": "2017-10-12T14:44:57"}, {"id": "CESA-2008:0146", "type": "centos", "title": "gd security update", "description": "**CentOS Errata and Security Advisory** CESA-2008:0146\n\n\nThe gd package contains a graphics library used for the dynamic creation of\r\nimages such as PNG and JPEG.\r\n\r\nMultiple issues were discovered in the gd GIF image-handling code. A\r\ncarefully-crafted GIF file could cause a crash or possibly execute code\r\nwith the privileges of the application using the gd library.\r\n(CVE-2006-4484, CVE-2007-3475, CVE-2007-3476)\r\n\r\nAn integer overflow was discovered in the gdImageCreateTrueColor()\r\nfunction, leading to incorrect memory allocations. A carefully crafted\r\nimage could cause a crash or possibly execute code with the privileges of\r\nthe application using the gd library. (CVE-2007-3472)\r\n\r\nA buffer over-read flaw was discovered. This could cause a crash in an\r\napplication using the gd library to render certain strings using a\r\nJIS-encoded font. (CVE-2007-0455)\r\n\r\nA flaw was discovered in the gd PNG image handling code. A truncated PNG\r\nimage could cause an infinite loop in an application using the gd library.\r\n(CVE-2007-2756)\r\n\r\nA flaw was discovered in the gd X BitMap (XBM) image-handling code. A\r\nmalformed or truncated XBM image could cause a crash in an application\r\nusing the gd library. 
(CVE-2007-3473)\r\n\r\nUsers of gd should upgrade to these updated packages, which contain\r\nbackported patches which resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-February/014724.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-February/014729.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-February/014732.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-February/014733.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014738.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014739.html\n\n**Affected packages:**\ngd\ngd-devel\ngd-progs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0146.html", "published": "2008-02-28T19:35:25", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2008-February/014724.html", "cvelist": ["CVE-2006-4484", "CVE-2007-3476", "CVE-2007-2756", "CVE-2007-3472", "CVE-2007-3475", "CVE-2007-0455", "CVE-2007-3473"], "lastseen": "2017-10-12T14:45:19"}, {"id": "CESA-2006:0730", "type": "centos", "title": "php security update", "description": "**CentOS Errata and Security Advisory** CESA-2006:0730\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server. \r\n\r\nThe Hardened-PHP Project discovered an overflow in the PHP htmlentities()\r\nand htmlspecialchars() routines. If a PHP script used the vulnerable\r\nfunctions to parse UTF-8 data, a remote attacker sending a carefully\r\ncrafted request could trigger the overflow and potentially execute\r\narbitrary code as the 'apache' user. 
(CVE-2006-5465) \r\n\r\nUsers of PHP should upgrade to these updated packages which contain a\r\nbackported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-November/013349.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-November/013350.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-November/013351.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-November/013352.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-November/013353.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-November/013354.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-November/013389.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-November/013390.html\n\n**Affected packages:**\nphp\nphp-devel\nphp-domxml\nphp-gd\nphp-imap\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-ncurses\nphp-odbc\nphp-pear\nphp-pgsql\nphp-snmp\nphp-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0730.html", "published": "2006-11-07T10:23:30", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2006-November/013349.html", "cvelist": ["CVE-2006-5465"], "lastseen": "2017-10-12T14:45:44"}, {"id": "CESA-2006:0730-01", "type": "centos", "title": "php security update", "description": "**CentOS Errata and Security Advisory** CESA-2006:0730-01\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server. \r\n\r\nThe Hardened-PHP Project discovered an overflow in the PHP htmlentities()\r\nand htmlspecialchars() routines. If a PHP script used the vulnerable\r\nfunctions to parse UTF-8 data, a remote attacker sending a carefully\r\ncrafted request could trigger the overflow and potentially execute\r\narbitrary code as the 'apache' user. 
(CVE-2006-5465) \r\n\r\nUsers of PHP should upgrade to these updated packages which contain a\r\nbackported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-November/013355.html\n\n**Affected packages:**\nphp\nphp-devel\nphp-imap\nphp-ldap\nphp-manual\nphp-mysql\nphp-odbc\nphp-pgsql\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "published": "2006-11-07T22:35:30", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2006-November/013355.html", "cvelist": ["CVE-2006-5465"], "lastseen": "2017-10-12T14:47:10"}], "redhat": [{"id": "RHSA-2006:0669", "type": "redhat", "title": "(RHSA-2006:0669) php security update", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server.\r\n\r\nA response-splitting issue was discovered in the PHP session handling. If\r\na remote attacker can force a carefully crafted session identifier to be\r\nused, a cross-site-scripting or response-splitting attack could be\r\npossible. (CVE-2006-3016)\r\n\r\nA buffer overflow was discovered in the PHP sscanf() function. If a script\r\nused the sscanf() function with positional arguments in the format string,\r\na remote attacker sending a carefully crafted request could execute\r\narbitrary code as the 'apache' user. (CVE-2006-4020)\r\n\r\nAn integer overflow was discovered in the PHP wordwrap() and str_repeat()\r\nfunctions. If a script running on a 64-bit server used either of these\r\nfunctions on untrusted user data, a remote attacker sending a carefully\r\ncrafted request might be able to cause a heap overflow. (CVE-2006-4482)\r\n\r\nA buffer overflow was discovered in the PHP gd extension. 
If a script was\r\nset up to process GIF images from untrusted sources using the gd extension,\r\na remote attacker could cause a heap overflow. (CVE-2006-4484)\r\n\r\nAn integer overflow was discovered in the PHP memory allocation handling. \r\nOn 64-bit platforms, the \"memory_limit\" setting was not enforced correctly,\r\nwhich could allow a denial of service attack by a remote user. (CVE-2006-4486)\r\n\r\nUsers of PHP should upgrade to these updated packages which contain\r\nbackported patches to correct these issues. These packages also contain a\r\nfix for a bug where certain input strings to the metaphone() function could\r\ncause memory corruption.", "published": "2006-09-21T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2006:0669", "cvelist": ["CVE-2006-3016", "CVE-2006-4020", "CVE-2006-4482", "CVE-2006-4484", "CVE-2006-4486"], "lastseen": "2017-09-09T07:19:17"}, {"id": "RHSA-2006:0682", "type": "redhat", "title": "(RHSA-2006:0682) php security update", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server.\r\n\r\nA response-splitting issue was discovered in the PHP session handling. If\r\na remote attacker can force a carefully crafted session identifier to be\r\nused, a cross-site-scripting or response-splitting attack could be\r\npossible. (CVE-2006-3016)\r\n\r\nA buffer overflow was discovered in the PHP sscanf() function. If a\r\nscript used the sscanf() function with positional arguments in the format\r\nstring, a remote attacker sending a carefully crafted request could execute\r\narbitrary code as the 'apache' user. (CVE-2006-4020)\r\n\r\nAn integer overflow was discovered in the PHP wordwrap() and str_repeat()\r\nfunctions. 
If a script running on a 64-bit server used either of these\r\nfunctions on untrusted user data, a remote attacker sending a carefully\r\ncrafted request might be able to cause a heap overflow. (CVE-2006-4482)\r\n\r\nAn integer overflow was discovered in the PHP memory allocation handling. \r\nOn 64-bit platforms, the \"memory_limit\" setting was not enforced correctly,\r\nwhich could allow a denial of service attack by a remote user. (CVE-2006-4486)\r\n\r\nUsers of PHP should upgrade to these updated packages which contain\r\nbackported patches to correct these issues. These packages also contain a\r\nfix for a bug where certain input strings to the metaphone() function could\r\ncause memory corruption.", "published": "2006-09-21T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2006:0682", "cvelist": ["CVE-2006-3016", "CVE-2006-4020", "CVE-2006-4482", "CVE-2006-4486"], "lastseen": "2018-03-28T01:01:13"}, {"id": "RHSA-2008:0146", "type": "redhat", "title": "(RHSA-2008:0146) Moderate: gd security update", "description": "The gd package contains a graphics library used for the dynamic creation of\r\nimages such as PNG and JPEG.\r\n\r\nMultiple issues were discovered in the gd GIF image-handling code. A\r\ncarefully-crafted GIF file could cause a crash or possibly execute code\r\nwith the privileges of the application using the gd library.\r\n(CVE-2006-4484, CVE-2007-3475, CVE-2007-3476)\r\n\r\nAn integer overflow was discovered in the gdImageCreateTrueColor()\r\nfunction, leading to incorrect memory allocations. A carefully crafted\r\nimage could cause a crash or possibly execute code with the privileges of\r\nthe application using the gd library. (CVE-2007-3472)\r\n\r\nA buffer over-read flaw was discovered. This could cause a crash in an\r\napplication using the gd library to render certain strings using a\r\nJIS-encoded font. 
(CVE-2007-0455)\r\n\r\nA flaw was discovered in the gd PNG image handling code. A truncated PNG\r\nimage could cause an infinite loop in an application using the gd library.\r\n(CVE-2007-2756)\r\n\r\nA flaw was discovered in the gd X BitMap (XBM) image-handling code. A\r\nmalformed or truncated XBM image could cause a crash in an application\r\nusing the gd library. (CVE-2007-3473)\r\n\r\nUsers of gd should upgrade to these updated packages, which contain\r\nbackported patches which resolve these issues.", "published": "2008-02-28T05:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2008:0146", "cvelist": ["CVE-2006-4484", "CVE-2007-0455", "CVE-2007-2756", "CVE-2007-3472", "CVE-2007-3473", "CVE-2007-3475", "CVE-2007-3476"], "lastseen": "2017-09-09T07:19:34"}, {"id": "RHSA-2006:0730", "type": "redhat", "title": "(RHSA-2006:0730) php security update", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server. \r\n\r\nThe Hardened-PHP Project discovered an overflow in the PHP htmlentities()\r\nand htmlspecialchars() routines. If a PHP script used the vulnerable\r\nfunctions to parse UTF-8 data, a remote attacker sending a carefully\r\ncrafted request could trigger the overflow and potentially execute\r\narbitrary code as the 'apache' user. 
(CVE-2006-5465) \r\n\r\nUsers of PHP should upgrade to these updated packages which contain a\r\nbackported patch to correct this issue.", "published": "2006-11-06T05:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2006:0730", "cvelist": ["CVE-2006-5465"], "lastseen": "2018-03-15T06:37:11"}], "freebsd": [{"id": "EA09C5DF-4362-11DB-81E1-000E0C2E438A", "type": "freebsd", "title": "php -- multiple vulnerabilities", "description": "\nThe PHP development team reports:\n\n\nAdded missing safe_mode/open_basedir checks inside the\n\t error_log(), file_exists(), imap_open() and imap_reopen()\n\t functions.\nFixed overflows inside str_repeat() and wordwrap()\n\t functions on 64bit systems.\nFixed possible open_basedir/safe_mode bypass in cURL\n\t extension and with realpath cache.\nFixed overflow in GD extension on invalid GIF\n\t images.\nFixed a buffer overflow inside sscanf() function.\nFixed an out of bounds read inside stripos()\n\t function.\nFixed memory_limit restriction on 64 bit system.\n\n\n", "published": "2006-08-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/ea09c5df-4362-11db-81e1-000e0c2e438a.html", "cvelist": ["CVE-2006-4486", "CVE-2006-4483", "CVE-2006-4484", "CVE-2006-4485", "CVE-2006-4482", "CVE-2006-4481"], "lastseen": "2016-09-26T17:25:05"}], "oraclelinux": [{"id": "ELSA-2006-0730", "type": "oraclelinux", "title": "Important php security update ", "description": " [4.3.9-3.22]\n - avoid default pear.conf change\n \n [4.3.9-3.21]\n - add security fix for CVE-2006-5465 from upstream\n \n [4.3.9-3.20]\n - add fix for php_error varargs use (#199947)\n \n [4.3.9-3.18]\n - rebuild\n \n [4.3.9-3.17]\n - add security fix from upstream: CVE-2006-4484\n - add metaphone() fix (#205714)\n \n [4.3.9-3.16]\n - add security fixes from upstream:\n CVE-2006-3016, 
CVE-2006-4020, CVE-2006-4482, CVE-2006-4486 ", "published": "2006-11-30T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2006-0730.html", "cvelist": ["CVE-2006-4486", "CVE-2006-4484", "CVE-2006-4020", "CVE-2006-3016", "CVE-2006-4482", "CVE-2006-5465"], "lastseen": "2016-09-04T11:16:00"}, {"id": "ELSA-2006-0669", "type": "oraclelinux", "title": "Important php security update ", "description": " [4.3.9-3.22]\n - avoid default pear.conf change\n \n [4.3.9-3.21]\n - add security fix for CVE-2006-5465 from upstream\n \n [4.3.9-3.20]\n - add fix for php_error varargs use (#199947)\n \n [4.3.9-3.18]\n - rebuild\n \n [4.3.9-3.17]\n - add security fix from upstream: CVE-2006-4484\n - add metaphone() fix (#205714)\n \n [4.3.9-3.16]\n - add security fixes from upstream:\n CVE-2006-3016, CVE-2006-4020, CVE-2006-4482, CVE-2006-4486 ", "published": "2006-11-30T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2006-0669.html", "cvelist": ["CVE-2006-4486", "CVE-2006-4484", "CVE-2006-4020", "CVE-2006-3016", "CVE-2006-4482", "CVE-2006-5465"], "lastseen": "2016-09-04T11:16:25"}, {"id": "ELSA-2008-0146", "type": "oraclelinux", "title": "Moderate: gd security update ", "description": " [2.0.28-5.E4.1]\n - security fixes\n - Resolves: #432784 ", "published": "2008-02-28T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2008-0146.html", "cvelist": ["CVE-2006-4484", "CVE-2007-3476", "CVE-2007-2756", "CVE-2007-3472", "CVE-2007-3475", "CVE-2007-0455", "CVE-2007-3473"], "lastseen": "2016-09-04T11:16:11"}], "suse": [{"id": "SUSE-SA:2006:052", "type": "suse", "title": "remote code execution in php4,php5", "description": "Various security problems have been fixed in the PHP script 
language engine and its modules, versions 4 and 5.\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2006-09-21T10:05:51", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2006-09/msg00018.html", "cvelist": ["CVE-2006-4486", "CVE-2006-2563", "CVE-2006-4483", "CVE-2006-4484", "CVE-2006-4020", "CVE-2006-4482", "CVE-2006-4481"], "lastseen": "2016-09-04T12:23:04"}, {"id": "SUSE-SA:2006:067", "type": "suse", "title": "remote code execution in php4,php5", "description": "This update fixes the following security problems in the PHP scripting language:\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2006-11-15T14:56:56", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2006-11/msg00016.html", "cvelist": ["CVE-2006-5465"], "lastseen": "2016-09-04T12:38:06"}], "gentoo": [{"id": "GLSA-200802-01", "type": "gentoo", "title": "SDL_image: Two buffer overflow vulnerabilities", "description": "### Background\n\nSDL_image is an image file library that loads images as SDL surfaces, and supports various formats like BMP, GIF, JPEG, LBM, PCX, PNG, PNM, TGA, TIFF, XCF, XPM, and XV. \n\n### Description\n\nThe LWZReadByte() function in file IMG_gif.c and the IMG_LoadLBM_RW() function in file IMG_lbm.c each contain a boundary error that can be triggered to cause a static buffer overflow and a heap-based buffer overflow. The first boundary error comes from some old vulnerable GD PHP code (CVE-2006-4484). 
\n\n### Impact\n\nA remote attacker can make an application using the SDL_image library to process a specially crafted GIF file or IFF ILBM file that will trigger a buffer overflow, resulting in the execution of arbitrary code with the permissions of the application or the application crash. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll SDL_image users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/sdl-image-1.2.6-r1\"", "published": "2008-02-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/200802-01", "cvelist": ["CVE-2006-4484", "CVE-2008-0544", "CVE-2007-6697"], "lastseen": "2016-09-06T19:47:00"}, {"id": "GLSA-200608-28", "type": "gentoo", "title": "PHP: Arbitary code execution", "description": "### Background\n\nPHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. \n\n### Description\n\nThe sscanf() PHP function contains an array boundary error that can be exploited to dereference a null pointer. This can possibly allow the bypass of the safe mode protection by executing arbitrary code. \n\n### Impact\n\nA remote attacker might be able to exploit this vulnerability in PHP applications making use of the sscanf() function, potentially resulting in the execution of arbitrary code or the execution of scripted contents in the context of the affected site. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll PHP 4.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/php-4.4.3-r1\"\n\nAll PHP 5.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/php-5.1.4-r6\"", "published": "2006-08-29T00:00:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/200608-28", "cvelist": ["CVE-2006-4020"], "lastseen": "2016-09-06T19:46:24"}, {"id": "GLSA-200703-21", "type": "gentoo", "title": "PHP: Multiple vulnerabilities", "description": "### Background\n\nPHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. \n\n### Description\n\nSeveral vulnerabilities were found in PHP by the Hardened-PHP Project and other researchers. These vulnerabilities include a heap-based buffer overflow in htmlentities() and htmlspecialchars() if called with UTF-8 parameters, and an off-by-one error in str_ireplace(). Other vulnerabilities were also found in the PHP4 branch, including possible overflows, stack corruptions and a format string vulnerability in the *print() functions on 64 bit systems. \n\n### Impact\n\nRemote attackers might be able to exploit these issues in PHP applications making use of the affected functions, potentially resulting in the execution of arbitrary code, Denial of Service, execution of scripted contents in the context of the affected site, security bypass or information leak. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll PHP users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \"dev-lang/php\"", "published": "2007-03-20T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/200703-21", "cvelist": ["CVE-2007-0907", "CVE-2007-0909", "CVE-2007-1375", "CVE-2007-0911", "CVE-2007-0910", "CVE-2007-1383", "CVE-2007-0988", "CVE-2007-1286", "CVE-2007-1376", "CVE-2007-1380", "CVE-2007-0906", "CVE-2007-0908", "CVE-2006-5465"], "lastseen": "2016-09-06T19:46:06"}], "exploitdb": [{"id": "EDB-ID:2193", "type": "exploitdb", "title": "PHP <= 4.4.3 / 5.1.4 sscanf Local Buffer Overflow Exploit", "description": "PHP <= 4.4.3 / 5.1.4 (sscanf) Local Buffer Overflow Exploit. CVE-2006-4020. Local exploit for linux platform", "published": "2006-08-16T00:00:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/2193/", "cvelist": ["CVE-2006-4020"], "lastseen": "2016-01-31T15:43:46"}], "slackware": [{"id": "SSA-2006-307-01", "type": "slackware", "title": "php", "description": "New php packages are available for Slackware 10.2 and 11.0 to\nfix security issues.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465\n\n\nHere are the details from the Slackware 11.0 ChangeLog:\n\nextra/php5/php-5.2.0-i486-1.tgz: Upgraded to php-5.2.0.\n This release "includes a large number of new features, bug fixes and security\n enhancements." 
In particular, when the UTF-8 charset is selected there are\n buffer overflows in the htmlspecialchars() and htmlentities() that may be\n exploited to execute arbitrary code.\n More details about the vulnerability may be found here:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465\n Further details about the release can be found in the release announcement:\n http://www.php.net/releases/5_2_0.php\n Some syntax has changed since PHP 5.1.x. An upgrading guide may be found at\n this location:\n http://www.php.net/UPDATE_5_2.txt\n This package was placed in /extra rather than /patches to save people from\n possible surprises with automated upgrade tools, since users of PHP4 and\n PHP 5.1.x applications may need to make some code changes before things will\n work again.\n (* Security fix *)\npatches/packages/php-4.4.4-i486-4_slack11.0.tgz: Patched the UTF-8 overflow.\n More details about the vulnerability may be found here:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\nfrom ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/php-4.4.4-i486-2_slack10.2.tgz\n\nUpdated packages for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/php-4.4.4-i486-4_slack11.0.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/php5/php-5.2.0-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 10.2 package:\n2c7e99db93c5f4268ab510b72439ec6a php-4.4.4-i486-2_slack10.2.tgz\n\nSlackware 11.0 packages:\n9d42f4fd0cb8513ad34fae54be5a7450 php-4.4.4-i486-4_slack11.0.tgz\n74a26ae3673b25a88cb7cd162bf37dfa php-5.2.0-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg php-4.4.4-i486-4_slack11.0.tgz", "published": "2006-11-03T22:26:28", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.453339", "cvelist": ["CVE-2006-5465"], "lastseen": "2018-02-02T18:11:37"}], "seebug": [{"id": "SSV:623", "type": "seebug", "title": "Multiple security vulnerabilities in Apple Mac OS X 2006-007", "description": "Apple Mac OS X is a BSD-based operating system.\r\n\r\nApple Mac OS X has multiple security issues that remote and local attackers can exploit to execute malicious code, cause denial of service, escalate privileges, overwrite files, obtain sensitive information, and carry out other attacks.\r\n\r\nThe specific issues are as follows:\r\n\r\nAirPort\uff0dCVE-ID: 
CVE-2006-5710\uff1a\r\n\r\nThe AirPort wireless driver handles response frames incorrectly, which can lead to a heap-based overflow.\r\n\r\nATS\uff0dCVE-ID: CVE-2006-4396\uff1a\r\n\r\nApple Type Services creates error logs insecurely, which can lead to arbitrary file overwrite.\r\n\r\nATS\uff0dCVE-ID: CVE-2006-4398\uff1a\r\n\r\nApple Type Services has multiple buffer overflows, which can lead to arbitrary code execution with elevated privileges.\r\n\r\nATS\uff0dCVE-ID: CVE-2006-4400\uff1a\r\n\r\nA specially crafted font file can lead to arbitrary code execution.\r\n\r\nCFNetwork\uff0dCVE-ID: CVE-2006-4401\uff1a\r\n\r\nEnticing a user to visit a malicious ftp URI can lead to execution of arbitrary ftp commands.\r\n\r\nClamAV\uff0dCVE-ID: CVE-2006-4182\uff1a\r\n\r\nA malicious email message can cause ClamAV to execute arbitrary code.\r\n\r\nFinder\uff0dCVE-ID: CVE-2006-4402\uff1a\r\n\r\nBrowsing a shared directory can lead to an application crash or arbitrary code execution.\r\n\r\nftpd\uff0dCVE-ID: CVE-2006-4403\uff1a\r\n\r\nWhen ftp access is enabled, unauthorized users can determine valid account names.\r\n\r\ngnuzip\uff0dCVE-ID: CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338\uff1a\r\n\r\ngunzip has multiple issues when processing compressed files, which can lead to an application crash or execution of arbitrary instructions.\r\n\r\nInstaller\uff0dCVE-ID: 
CVE-2006-4404\uff1a\r\n\r\nWhen software is installed as an administrative user, system privileges may be used without authorization.\r\n\r\nOpenSSL\uff0dCVE-ID: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4339, CVE-2006-4343\uff1a\r\n\r\nOpenSSL has multiple security issues that can lead to arbitrary code execution or disclosure of sensitive information.\r\n\r\nperl\uff0dCVE-ID: CVE-2005-3962\uff1a\r\n\r\nInsecure string handling can cause Perl applications to execute arbitrary code.\r\n\r\nPHP\uff0dCVE-ID: CVE-2006-1490, CVE-2006-1990\uff1a\r\n\r\nPHP applications have multiple issues that can lead to denial of service or arbitrary code execution.\r\n\r\nPHP\uff0dCVE-ID: CVE-2006-5465\uff1a\r\n\r\nThe PHP htmlentities() and htmlspecialchars() functions contain a buffer overflow that can lead to arbitrary code execution.\r\n\r\nPPP\uff0dCVE-ID: CVE-2006-4406\uff1a\r\n\r\nUsing PPPoE on an untrusted local network can lead to arbitrary code execution.\r\n\r\nSamba\uff0dCVE-ID: CVE-2006-3403\uff1a\r\n\r\nWhen Windows sharing is in use, a remote attacker can carry out a denial-of-service attack.\r\n\r\nSecurity Framework\uff0dCVE-ID: CVE-2006-4407\uff1a\r\n\r\nAn insecure transport method can result in the most secure encryption not being negotiated.\r\n\r\nSecurity Framework\uff0dCVE-ID: CVE-2006-4408\uff1a\r\n\r\nProcessing X.509 certificates can lead to a denial-of-service attack.\r\n\r\nSecurity Framework\uff0dCVE-ID: 
CVE-2006-4409\uff1a\r\n\r\nWhen an http proxy is used, certificate revocation lists cannot be retrieved.\r\n\r\nSecurity Framework\uff0dCVE-ID: CVE-2006-4410\uff1a\r\n\r\nSome certificates are incorrectly authorized.\r\n\r\nVPN\uff0dCVE-ID: CVE-2006-4411:\r\n\r\nA malicious local user can gain system privileges.\r\n\r\nWebKit\uff0dCVE-ID: CVE-2006-4412\uff1a\r\n\r\nEnticing a user to view a malicious web page can lead to arbitrary code execution.\r\n\r\n\n\nApple Mac OS X Server 10.4.8\r\nApple Mac OS X Server 10.4.7\r\nApple Mac OS X Server 10.4.6\r\nApple Mac OS X Server 10.4.5\r\nApple Mac OS X Server 10.4.4\r\nApple Mac OS X Server 10.4.3\r\nApple Mac OS X Server 10.4.2\r\nApple Mac OS X Server 10.4.1\r\nApple Mac OS X Server 10.4\r\nApple Mac OS X Server 10.3.9\r\nApple Mac OS X Server 10.3.8\r\nApple Mac OS X Server 10.3.7\r\nApple Mac OS X Server 10.3.6\r\nApple Mac OS X Server 10.3.5\r\nApple Mac OS X Server 10.3.4\r\nApple Mac OS X Server 10.3.3\r\nApple Mac OS X Server 10.3.2\r\nApple Mac OS X Server 10.3.1\r\nApple Mac OS X Server 10.3\r\nApple Mac OS X Server 10.2.8\r\nApple Mac OS X Server 10.2.7\r\nApple Mac OS X Server 10.2.6\r\nApple Mac OS X Server 10.2.5\r\nApple Mac OS X Server 10.2.4\r\nApple Mac OS X Server 10.2.3\r\nApple Mac OS X Server 10.2.2\r\nApple Mac OS X Server 10.2.1\r\nApple Mac OS X Server 10.2\r\nApple Mac OS X Server 10.1.5\r\nApple Mac OS X Server 10.1.4\r\nApple Mac OS X Server 10.1.3\r\nApple Mac OS X Server 10.1.2\r\nApple Mac OS X Server 10.1.1\r\nApple Mac OS X Server 10.1\r\nApple Mac OS X Server 10.0\r\nApple Mac OS X 10.4.8\r\nApple Mac OS X 10.4.7\r\nApple Mac OS X 10.4.6\r\nApple Mac OS X 10.4.5\r\nApple Mac OS X 10.4.4\r\nApple Mac OS X 10.4.3\r\nApple Mac OS X 10.4.2\r\nApple Mac OS X 10.4.1\r\nApple Mac OS X 10.4\r\nApple Mac OS X 10.3.9\r\nApple Mac OS X 10.3.8\r\nApple Mac OS X 
10.3.7\r\nApple Mac OS X 10.3.6\r\nApple Mac OS X 10.3.5\r\nApple Mac OS X 10.3.4\r\nApple Mac OS X 10.3.3\r\nApple Mac OS X 10.3.2\r\nApple Mac OS X 10.3.1\r\nApple Mac OS X 10.3\r\nApple Mac OS X 10.2.8\r\nApple Mac OS X 10.2.7\r\nApple Mac OS X 10.2.6\r\nApple Mac OS X 10.2.5\r\nApple Mac OS X 10.2.4\r\nApple Mac OS X 10.2.3\r\nApple Mac OS X 10.2.2\r\nApple Mac OS X 10.2.1\r\nApple Mac OS X 10.2\r\nApple Mac OS X 10.1.5\r\nApple Mac OS X 10.1.4\r\nApple Mac OS X 10.1.3\r\nApple Mac OS X 10.1.2\r\nApple Mac OS X 10.1.1\r\nApple Mac OS X 10.1\r\nApple Mac OS X 10.1\r\nApple Mac OS X 10.0.4\r\nApple Mac OS X 10.0.3\r\nApple Mac OS X 10.0.2\r\nApple Mac OS X 10.0.1\r\nApple Mac OS X 10.0 3\r\nApple Mac OS X 10.0 \r\n\n <a href=\"http://docs.info.apple.com/article.html?artnum=304829\" target=\"_blank\">http://docs.info.apple.com/article.html?artnum=304829</a>", "published": "2006-11-29T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-623", "cvelist": ["CVE-2005-3962", "CVE-2006-1490", "CVE-2006-1990", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3403", "CVE-2006-3738", "CVE-2006-4182", "CVE-2006-4334", "CVE-2006-4335", "CVE-2006-4336", "CVE-2006-4337", "CVE-2006-4338", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-4396", "CVE-2006-4398", "CVE-2006-4400", "CVE-2006-4401", "CVE-2006-4402", "CVE-2006-4403", "CVE-2006-4404", "CVE-2006-4406", "CVE-2006-4407", "CVE-2006-4408", "CVE-2006-4409", "CVE-2006-4410", "CVE-2006-4411", "CVE-2006-4412", "CVE-2006-5465", "CVE-2006-5710"], "lastseen": "2017-11-19T22:20:08"}]}}