Vulnerabilities > CVE-2006-1608 - Unspecified vulnerability in PHP
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI.
Vulnerable Configurations
Exploit-Db
| description | PHP 4.x copy() Function Safe Mode Bypass. CVE-2006-1608. Remote exploit for php platform |
| id | EDB-ID:27596 |
| last seen | 2016-02-03 |
| modified | 2006-04-10 |
| published | 2006-04-10 |
| reporter | Maksymilian Arciemowicz |
| source | https://www.exploit-db.com/download/27596/ |
| title | PHP 4.x copy Function Safe Mode Bypass |
Nessus
NASL family CGI abuses NASL id PHP_4_4_3.NASL description According to its banner, the version of PHP installed on the remote host is older than 4.4.3 / 5.1.4. Such versions may be affected by several issues, including a buffer overflow, heap corruption, and a flaw by which a variable may survive a call to last seen 2020-06-01 modified 2020-06-02 plugin id 22268 published 2006-08-25 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22268 title PHP < 4.4.3 / 5.1.4 Multiple Vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-320-1.NASL description The phpinfo() PHP function did not properly sanitize long strings. A remote attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo(). Please note that it is not recommended to publicly expose phpinfo(). (CVE-2006-0996) An information disclosure has been reported in the html_entity_decode() function. A script which uses this function to process arbitrary user-supplied input could be exploited to expose a random part of memory, which could potentially reveal sensitive data. (CVE-2006-1490) The wordwrap() function did not sufficiently check the validity of the last seen 2020-06-01 modified 2020-06-02 plugin id 27897 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27897 title Ubuntu 5.04 / 5.10 / 6.06 LTS : php4, php5 vulnerabilities (USN-320-1) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-074.NASL description A cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP <= 5.1.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed. (CVE-2006-0996) Directory traversal vulnerability in file.c in PHP <= 5.1.2 allows local users to bypass open_basedir restrictions and allows remote attackers to create files in arbitrary directories via the tempnam function. (CVE-2006-1494) The copy function in file.c in PHP <= 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI. (CVE-2006-1608) Updated packages have been patched to address these issues. After upgrading these packages, please run last seen 2020-06-01 modified 2020-06-02 plugin id 21281 published 2006-04-26 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21281 title Mandrake Linux Security Advisory : php (MDKSA-2006:074)
Statements
| contributor | Mark J Cox |
| lastmodified | 2006-08-30 |
| organization | Red Hat |
| statement | We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 |
References
- http://secunia.com/advisories/19599
- http://secunia.com/advisories/19599
- http://secunia.com/advisories/19775
- http://secunia.com/advisories/19775
- http://secunia.com/advisories/21125
- http://secunia.com/advisories/21125
- http://securityreason.com/achievement_securityalert/37
- http://securityreason.com/achievement_securityalert/37
- http://securityreason.com/securityalert/678
- http://securityreason.com/securityalert/678
- http://securitytracker.com/id?1015882
- http://securitytracker.com/id?1015882
- http://us.php.net/releases/5_1_3.php
- http://us.php.net/releases/5_1_3.php
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:074
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:074
- http://www.osvdb.org/24487
- http://www.osvdb.org/24487
- http://www.securityfocus.com/archive/1/430461/100/0/threaded
- http://www.securityfocus.com/archive/1/430461/100/0/threaded
- http://www.securityfocus.com/archive/1/440869/100/0/threaded
- http://www.securityfocus.com/archive/1/440869/100/0/threaded
- http://www.securityfocus.com/archive/1/441210/100/0/threaded
- http://www.securityfocus.com/archive/1/441210/100/0/threaded
- http://www.securityfocus.com/bid/17439
- http://www.securityfocus.com/bid/17439
- http://www.ubuntu.com/usn/usn-320-1
- http://www.ubuntu.com/usn/usn-320-1
- http://www.vupen.com/english/advisories/2006/1290
- http://www.vupen.com/english/advisories/2006/1290
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25706
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25706