Vulnerabilities > CVE-2006-5706 - Local Security vulnerability in PHP
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494.
Vulnerable Configurations
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-196.NASL description The Hardened-PHP Project discovered buffer overflows in htmlentities/htmlspecialchars internal routines to the PHP Project. The purpose of these functions is to be filled with user input. (The overflow can only be when UTF-8 is used) (CVE-2006-5465) Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494. (CVE-2006-5706) Updated packages have been patched to correct these issues. Users must restart Apache for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 24581 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24581 title Mandrake Linux Security Advisory : php (MDKSA-2006:196) NASL family CGI abuses NASL id PHP_5_2_0.NASL description According to its banner, the version of PHP 5.x installed on the remote host is older than 5.2. Such versions may be affected by several buffer overflows. To exploit these issues, an attacker would need the ability to upload an arbitrary PHP script on the remote server or to manipulate several variables processed by some PHP functions such as last seen 2020-06-01 modified 2020-06-02 plugin id 31649 published 2008-03-25 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31649 title PHP 5.x < 5.2 Multiple Vulnerabilities
Statements
contributor | Mark J Cox |
lastmodified | 2006-11-10 |
organization | Red Hat |
statement | We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php |