Vulnerabilities > CVE-2006-1549 - Resource Management Errors vulnerability in PHP 4.4.2/5.1.2
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected. Upgrade to PHP 5.1.3-RC3
Common Weakness Enumeration (CWE)
Exploit-Db
| description | PHP 4/5 Executor Deep Recursion Remote Denial of Service Vulnerability. CVE-2006-1549. Dos exploit for php platform |
| id | EDB-ID:29693 |
| last seen | 2016-02-03 |
| modified | 2007-03-01 |
| published | 2007-03-01 |
| reporter | Maksymilian Arciemowicz |
| source | https://www.exploit-db.com/download/29693/ |
| title | PHP 4/5 Executor Deep Recursion Remote Denial of Service Vulnerability |
Nessus
| NASL family | CGI abuses |
| NASL id | PHP_5_2_0.NASL |
| description | According to its banner, the version of PHP 5.x installed on the remote host is older than 5.2. Such versions may be affected by several buffer overflows. To exploit these issues, an attacker would need the ability to upload an arbitrary PHP script on the remote server or to manipulate several variables processed by some PHP functions such as |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 31649 |
| published | 2008-03-25 |
| reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/31649 |
| title | PHP 5.x < 5.2 Multiple Vulnerabilities |
Statements
| contributor | Mark J Cox |
| lastmodified | 2007-04-16 |
| organization | Red Hat |
| statement | The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. |
References
- http://securityreason.com/achievement_securityalert/35
- http://securityreason.com/securityalert/2312
- http://securityreason.com/securityalert/676
- http://securitytracker.com/id?1015880
- http://www.osvdb.org/24485
- http://www.php-security.org/MOPB/MOPB-02-2007.html
- http://www.securityfocus.com/archive/1/430453/100/0/threaded
- http://www.securityfocus.com/archive/1/430598/100/0/threaded
- http://www.securityfocus.com/archive/1/430742/100/0/threaded
- http://www.securityfocus.com/archive/1/431018/100/0/threaded
- http://www.securityfocus.com/bid/22766
- http://www.vupen.com/english/advisories/2006/1290
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25704