Lucene search

K
ubuntuUbuntuUSN-320-1
HistoryJul 19, 2006 - 12:00 a.m.

PHP vulnerabilities

2006-07-1900:00:00
ubuntu.com
81

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

High

0.247 Low

EPSS

Percentile

96.7%

Releases

  • Ubuntu 6.06
  • Ubuntu 5.10
  • Ubuntu 5.04

Details

The phpinfo() PHP function did not properly sanitize long strings. A
remote attacker could use this to perform cross-site scripting attacks
against sites that have publicly-available PHP scripts that call
phpinfo(). Please note that it is not recommended to publicly expose
phpinfo(). (CVE-2006-0996)

An information disclosure has been reported in the
html_entity_decode() function. A script which uses this function to
process arbitrary user-supplied input could be exploited to expose a
random part of memory, which could potentially reveal sensitive data.
(CVE-2006-1490)

The wordwrap() function did not sufficiently check the validity of the
‘break’ argument. An attacker who could control the string passed to
the ‘break’ parameter could cause a heap overflow; however, this
should not happen in practical applications. (CVE-2006-1990)

The substr_compare() function did not sufficiently check the validity
of the ‘offset’ argument. A script which passes untrusted user-defined
values to this parameter could be exploited to crash the PHP
interpreter. (CVE-2006-1991)

In certain situations, using unset() to delete a hash entry could
cause the deletion of the wrong element, which would leave the
specified variable defined. This could potentially cause information
disclosure in security-relevant operations. (CVE-2006-3017)

In certain situations the session module attempted to close a data
file twice, which led to memory corruption. This could potentially be
exploited to crash the PHP interpreter, though that could not be
verified. (CVE-2006-3018)

This update also fixes various bugs which allowed local scripts
to bypass open_basedir and ‘safe mode’ restrictions by passing special
arguments to tempnam() (CVE-2006-1494, CVE-2006-2660), copy()
(CVE-2006-1608), the curl module (CVE-2006-2563), or error_log()
(CVE-2006-3011).

OSVersionArchitecturePackageVersionFilename
Ubuntu6.06noarchphp5-cli< 5.1.2-1ubuntu3.1UNKNOWN
Ubuntu6.06noarchphp5-cgi< 5.1.2-1ubuntu3.1UNKNOWN
Ubuntu6.06noarchlibapache2-mod-php5< 5.1.2-1ubuntu3.1UNKNOWN
Ubuntu6.06noarchphp5-curl< 5.1.2-1ubuntu3.1UNKNOWN
Ubuntu5.10noarchphp5-cli< 5.0.5-2ubuntu1.3UNKNOWN
Ubuntu5.10noarchphp5-cgi< 5.0.5-2ubuntu1.3UNKNOWN
Ubuntu5.10noarchlibapache2-mod-php5< 5.0.5-2ubuntu1.3UNKNOWN
Ubuntu5.10noarchphp5-curl< 5.0.5-2ubuntu1.3UNKNOWN
Ubuntu5.04noarchlibapache2-mod-php4< 4:4.3.10-10ubuntu4.5UNKNOWN
Ubuntu5.04noarchphp4-cgi< 4:4.3.10-10ubuntu4.5UNKNOWN
Rows per page:
1-10 of 111

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

High

0.247 Low

EPSS

Percentile

96.7%