Vulnerabilities > CVE-2006-4625 - Unspecified vulnerability in PHP
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
Vulnerable Configurations
Exploit-Db
| description | PHP 3-5 Ini_Restore() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability. CVE-2006-4625. Local exploit for php platform |
| id | EDB-ID:28504 |
| last seen | 2016-02-03 |
| modified | 2006-09-09 |
| published | 2006-09-09 |
| reporter | Maksymilian Arciemowicz |
| source | https://www.exploit-db.com/download/28504/ |
| title | PHP 3-5 Ini_Restore Safe_Mode and Open_Basedir Restriction Bypass Vulnerability |
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-362-1.NASL description The stripos() function did not check for invalidly long or empty haystack strings. In an application that uses this function on arbitrary untrusted data this could be exploited to crash the PHP interpreter. (CVE-2006-4485) An integer overflow was discovered in the PHP memory allocation handling. On 64-bit platforms, the last seen 2020-06-01 modified 2020-06-02 plugin id 27942 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27942 title Ubuntu 5.04 / 5.10 / 6.06 LTS : php4, php5 vulnerabilities (USN-362-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-362-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(27942); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:33:01"); script_cve_id("CVE-2006-4485", "CVE-2006-4486", "CVE-2006-4625", "CVE-2006-4812"); script_bugtraq_id(19582, 19933, 20349); script_xref(name:"USN", value:"362-1"); script_name(english:"Ubuntu 5.04 / 5.10 / 6.06 LTS : php4, php5 vulnerabilities (USN-362-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The stripos() function did not check for invalidly long or empty haystack strings. In an application that uses this function on arbitrary untrusted data this could be exploited to crash the PHP interpreter. (CVE-2006-4485) An integer overflow was discovered in the PHP memory allocation handling. On 64-bit platforms, the 'memory_limit' setting was not enforced correctly. A remote attacker could exploit this to cause a Denial of Service attack through memory exhaustion. (CVE-2006-4486) Maksymilian Arciemowicz discovered that security relevant configuration options like open_basedir and safe_mode (which can be configured in Apache's httpd.conf) could be bypassed and reset to their default value in php.ini by using the ini_restore() function. (CVE-2006-4625) Stefan Esser discovered that the ecalloc() function in the Zend engine did not check for integer overflows. This particularly affected the unserialize() function. In applications which unserialize untrusted user-defined data, this could be exploited to execute arbitrary code with the application's privileges. (CVE-2006-4812). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/362-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(94); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-cgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-mhash"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-mysqli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-sybase"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-xsl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"patch_publication_date", value:"2006/10/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(5\.04|5\.10|6\.06)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.04 / 5.10 / 6.06", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"5.04", pkgname:"libapache2-mod-php4", pkgver:"4:4.3.10-10ubuntu4.8")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4", pkgver:"4.3.10-10ubuntu4.8")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-cgi", pkgver:"4:4.3.10-10ubuntu4.8")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-cli", pkgver:"4:4.3.10-10ubuntu4.8")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-common", pkgver:"4.3.10-10ubuntu4.8")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-dev", pkgver:"4.3.10-10ubuntu4.8")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"libapache2-mod-php5", pkgver:"5.0.5-2ubuntu1.5")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php-pear", pkgver:"5.0.5-2ubuntu1.5")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5", pkgver:"5.0.5-2ubuntu1.5")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-cgi", pkgver:"5.0.5-2ubuntu1.5")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-cli", pkgver:"5.0.5-2ubuntu1.5")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-common", pkgver:"5.0.5-2ubuntu1.5")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-curl", pkgver:"5.0.5-2ubuntu1.5")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-dev", pkgver:"5.0.5-2ubuntu1.5")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-gd", pkgver:"5.0.5-2ubuntu1.5")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-ldap", pkgver:"5.0.5-2ubuntu1.5")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-mhash", pkgver:"5.0.5-2ubuntu1.5")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-mysql", pkgver:"5.0.5-2ubuntu1.5")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-odbc", pkgver:"5.0.5-2ubuntu1.5")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-pgsql", pkgver:"5.0.5-2ubuntu1.5")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-recode", pkgver:"5.0.5-2ubuntu1.5")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-snmp", pkgver:"5.0.5-2ubuntu1.5")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-sqlite", pkgver:"5.0.5-2ubuntu1.5")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-sybase", pkgver:"5.0.5-2ubuntu1.5")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-xmlrpc", pkgver:"5.0.5-2ubuntu1.5")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-xsl", pkgver:"5.0.5-2ubuntu1.5")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libapache2-mod-php5", pkgver:"5.1.2-1ubuntu3.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php-pear", pkgver:"5.1.2-1ubuntu3.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5", pkgver:"5.1.2-1ubuntu3.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-cgi", pkgver:"5.1.2-1ubuntu3.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-cli", pkgver:"5.1.2-1ubuntu3.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-common", pkgver:"5.1.2-1ubuntu3.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-curl", pkgver:"5.1.2-1ubuntu3.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-dev", pkgver:"5.1.2-1ubuntu3.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-gd", pkgver:"5.1.2-1ubuntu3.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-ldap", pkgver:"5.1.2-1ubuntu3.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-mhash", pkgver:"5.1.2-1ubuntu3.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-mysql", pkgver:"5.1.2-1ubuntu3.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-mysqli", pkgver:"5.1.2-1ubuntu3.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-odbc", pkgver:"5.1.2-1ubuntu3.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-pgsql", pkgver:"5.1.2-1ubuntu3.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-recode", pkgver:"5.1.2-1ubuntu3.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-snmp", pkgver:"5.1.2-1ubuntu3.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-sqlite", pkgver:"5.1.2-1ubuntu3.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-sybase", pkgver:"5.1.2-1ubuntu3.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-xmlrpc", pkgver:"5.1.2-1ubuntu3.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-xsl", pkgver:"5.1.2-1ubuntu3.3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapache2-mod-php4 / libapache2-mod-php5 / php-pear / php4 / etc"); }NASL family CGI abuses NASL id PHP_4_4_5.NASL description According to its banner, the version of PHP installed on the remote host is older than 4.4.5. Such versions may be affected by several issues, including buffer overflows, format string vulnerabilities, arbitrary code execution, last seen 2020-06-01 modified 2020-06-02 plugin id 24906 published 2007-04-02 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24906 title PHP < 4.4.5 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(24906); script_version("1.25"); script_cvs_date("Date: 2018/07/24 18:56:10"); script_cve_id( "CVE-2006-4625", "CVE-2007-0905", "CVE-2007-0906", "CVE-2007-0907", "CVE-2007-0908", "CVE-2007-0909", "CVE-2007-0910", "CVE-2007-0988", "CVE-2007-1286", "CVE-2007-1376", "CVE-2007-1378", "CVE-2007-1379", "CVE-2007-1380", "CVE-2007-1700", "CVE-2007-1701", "CVE-2007-1777", "CVE-2007-1825", "CVE-2007-1835", "CVE-2007-1884", "CVE-2007-1885", "CVE-2007-1886", "CVE-2007-1887", "CVE-2007-1890" ); script_bugtraq_id( 22496, 22805, 22806, 22833, 22862, 23119, 23120, 23169, 23219, 23233, 23234, 23235, 23236 ); script_name(english:"PHP < 4.4.5 Multiple Vulnerabilities"); script_summary(english:"Checks version of PHP"); script_set_attribute( attribute:"synopsis", value: "The remote web server uses a version of PHP that is affected by multiple flaws." ); script_set_attribute( attribute:"description", value: "According to its banner, the version of PHP installed on the remote host is older than 4.4.5. Such versions may be affected by several issues, including buffer overflows, format string vulnerabilities, arbitrary code execution, 'safe_mode' and 'open_basedir' bypasses, and clobbering of super-globals." ); script_set_attribute(attribute:"see_also", value:"http://www.php.net/releases/4_4_5.php"); script_set_attribute(attribute:"solution", value: "Upgrade to PHP version 4.4.5 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"metasploit_name", value:'PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie)'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(20, 399); script_set_attribute(attribute:"plugin_publication_date", value:"2007/04/02"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/09"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_dependencies("php_version.nasl"); script_require_ports("Services/www", 80); script_require_keys("www/PHP"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("audit.inc"); include("webapp_func.inc"); port = get_http_port(default:80, php:TRUE); php = get_php_from_kb( port : port, exit_on_fail : TRUE ); version = php["ver"]; source = php["src"]; backported = get_kb_item('www/php/'+port+'/'+version+'/backported'); if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install"); if (version =~ "^3\." || version =~ "^4\.[0-3]\." || version =~ "^4\.4\.[0-4]($|[^0-9])" ) { if (report_verbosity > 0) { report = '\n Version source : '+source + '\n Installed version : '+version+ '\n Fixed version : 4.4.5\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);NASL family CGI abuses NASL id PHP_5_2_0.NASL description According to its banner, the version of PHP 5.x installed on the remote host is older than 5.2. Such versions may be affected by several buffer overflows. To exploit these issues, an attacker would need the ability to upload an arbitrary PHP script on the remote server or to manipulate several variables processed by some PHP functions such as last seen 2020-06-01 modified 2020-06-02 plugin id 31649 published 2008-03-25 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31649 title PHP 5.x < 5.2 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_APACHE2-MOD_PHP5-2153.NASL description The ini_restore() method could be exploited to reset options set in the webserver config to their default values (CVE-2006-4625). The memory handling routines contained an integer overflow (CVE-2006-4812). last seen 2020-06-01 modified 2020-06-02 plugin id 27147 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27147 title openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-2153) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-185.NASL description PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults. (CVE-2006-4625) A race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink. (CVE-2006-5178) Because the design flaw cannot be solved it is strongly recommended to disable the symlink() function if you are using the open_basedir feature. You can achieve that by adding symlink to the list of disabled functions within your php.ini: disable_functions=...,symlink The updated packages do not alter the system php.ini. Updated packages have been patched to correct the CVE-2006-4625 issue. Users must restart Apache for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 24570 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/24570 title Mandrake Linux Security Advisory : php (MDKSA-2006:185) NASL family SuSE Local Security Checks NASL id SUSE_SA_2006_059.NASL description The remote host is missing the patch for the advisory SUSE-SA:2006:059 (php4,php5). The ini_restore() method could be exploited to reset options such as open_basedir when set via the web server config file to their default value set in php.ini (CVE-2006-4625). Additionally php5 on all products as well as php4 on SLES8 were vulnerable to an integer overflow problem in the memory allocation routine. This bug can be exploited to execute arbitrary code with the uid of the web server (CVE-2006-4812). Thanks to Stefan Esser for reporting the problem. last seen 2019-10-28 modified 2007-02-18 plugin id 24437 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24437 title SUSE-SA:2006:059: php4,php5 NASL family SuSE Local Security Checks NASL id SUSE_APACHE2-MOD_PHP5-2152.NASL description The ini_restore() method could be exploited to reset options set in the webserver config to their default values. (CVE-2006-4625) The memory handling routines contained an integer overflow. (CVE-2006-4812) last seen 2020-06-01 modified 2020-06-02 plugin id 29375 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29375 title SuSE 10 Security Update : PHP (ZYPP Patch Number 2152)
Packetstorm
| data source | https://packetstormsecurity.com/files/download/49918/phpBypass.txt |
| id | PACKETSTORM:49918 |
| last seen | 2016-12-05 |
| published | 2006-09-13 |
| reporter | Maksymilian Arciemowicz |
| source | https://packetstormsecurity.com/files/49918/phpBypass.txt.html |
| title | phpBypass.txt |
Statements
| contributor | Mark J Cox |
| lastmodified | 2006-09-20 |
| organization | Red Hat |
| statement | We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php |
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137
- http://lists.suse.com/archive/suse-security-announce/2006-Oct/0002.html
- http://secunia.com/advisories/22282
- http://secunia.com/advisories/22331
- http://secunia.com/advisories/22338
- http://secunia.com/advisories/22424
- http://secunia.com/advisories/25423
- http://secunia.com/advisories/25850
- http://securityreason.com/achievement_securityalert/42
- http://securityreason.com/securityalert/1519
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:185
- http://www.securityfocus.com/archive/1/445712/100/0/threaded
- http://www.securityfocus.com/archive/1/445882/100/0/threaded
- http://www.securityfocus.com/archive/1/448953/100/0/threaded
- http://www.securityfocus.com/bid/19933
- http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
- http://www.ubuntu.com/usn/usn-362-1
- http://www.vupen.com/english/advisories/2007/1991
- http://www.vupen.com/english/advisories/2007/2374
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28853