PHP vulnerability

2006-11-0300:00:00

ubuntu.com

7.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.492 Medium

EPSS

Percentile

97.5%

JSON

Releases

Ubuntu 6.10
Ubuntu 6.06
Ubuntu 5.10

Details

Stefan Esser discovered two buffer overflows in the htmlentities() and
htmlspecialchars() functions. By supplying specially crafted input to
PHP applications which process that input with these functions, a
remote attacker could potentially exploit this to execute arbitrary
code with the privileges of the application. (CVE-2006-5465)

This update also fixes bugs in the chdir() and tempnam() functions,
which did not perform proper open_basedir checks. This could allow
local scripts to bypass intended restrictions.

OSVersionArchitecturePackageVersionFilename
Ubuntu6.10noarchphp5-cli< 5.1.6-1ubuntu2.1UNKNOWN
Ubuntu6.10noarchlibapache2-mod-php5< 5.1.6-1ubuntu2.1UNKNOWN
Ubuntu6.06noarchphp5-cli< 5.1.2-1ubuntu3.4UNKNOWN
Ubuntu6.06noarchlibapache2-mod-php5< 5.1.2-1ubuntu3.4UNKNOWN
Ubuntu5.10noarchphp5-cli< 5.0.5-2ubuntu1.6UNKNOWN
Ubuntu5.10noarchlibapache2-mod-php5< 5.0.5-2ubuntu1.6UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	6.10	noarch	php5-cli	< 5.1.6-1ubuntu2.1	UNKNOWN
Ubuntu	6.10	noarch	libapache2-mod-php5	< 5.1.6-1ubuntu2.1	UNKNOWN
Ubuntu	6.06	noarch	php5-cli	< 5.1.2-1ubuntu3.4	UNKNOWN
Ubuntu	6.06	noarch	libapache2-mod-php5	< 5.1.2-1ubuntu3.4	UNKNOWN
Ubuntu	5.10	noarch	php5-cli	< 5.0.5-2ubuntu1.6	UNKNOWN
Ubuntu	5.10	noarch	libapache2-mod-php5	< 5.0.5-2ubuntu1.6	UNKNOWN