Vulnerabilities > CVE-2006-1608 - Safe_Mode and Open_Basedir Restriction Bypass vulnerability in PHP

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
local
low complexity
php
nessus
exploit available
NVD
Published: 2006-04-10
Updated: 2018-10-30

Summary

The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI.

Vulnerable Configurations

Part Description Count
Application
Php
65

Exploit-Db

descriptionPHP 4.x copy() Function Safe Mode Bypass. CVE-2006-1608. Remote exploit for php platform
idEDB-ID:27596
last seen2016-02-03
modified2006-04-10
published2006-04-10
reporterMaksymilian Arciemowicz
sourcehttps://www.exploit-db.com/download/27596/
titlePHP 4.x copy Function Safe Mode Bypass

Nessus

  • NASL familyCGI abuses
    NASL idPHP_4_4_3.NASL
    descriptionAccording to its banner, the version of PHP installed on the remote host is older than 4.4.3 / 5.1.4. Such versions may be affected by several issues, including a buffer overflow, heap corruption, and a flaw by which a variable may survive a call to
    last seen2020-06-01
    modified2020-06-02
    plugin id22268
    published2006-08-25
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22268
    titlePHP < 4.4.3 / 5.1.4 Multiple Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-320-1.NASL
    descriptionThe phpinfo() PHP function did not properly sanitize long strings. A remote attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo(). Please note that it is not recommended to publicly expose phpinfo(). (CVE-2006-0996) An information disclosure has been reported in the html_entity_decode() function. A script which uses this function to process arbitrary user-supplied input could be exploited to expose a random part of memory, which could potentially reveal sensitive data. (CVE-2006-1490) The wordwrap() function did not sufficiently check the validity of the
    last seen2020-06-01
    modified2020-06-02
    plugin id27897
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27897
    titleUbuntu 5.04 / 5.10 / 6.06 LTS : php4, php5 vulnerabilities (USN-320-1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-074.NASL
    descriptionA cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP <= 5.1.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed. (CVE-2006-0996) Directory traversal vulnerability in file.c in PHP <= 5.1.2 allows local users to bypass open_basedir restrictions and allows remote attackers to create files in arbitrary directories via the tempnam function. (CVE-2006-1494) The copy function in file.c in PHP <= 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI. (CVE-2006-1608) Updated packages have been patched to address these issues. After upgrading these packages, please run
    last seen2020-06-01
    modified2020-06-02
    plugin id21281
    published2006-04-26
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21281
    titleMandrake Linux Security Advisory : php (MDKSA-2006:074)

Statements

contributorMark J Cox
lastmodified2006-08-30
organizationRed Hat
statementWe do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1

References