php: several vulnerabilities [LWN.net]

Package(s):

php

CVE #(s):

CVE-2006-4481 CVE-2006-4484 CVE-2006-4485

Created:

September 8, 2006

Updated:

June 13, 2008

Description:

The file_exists and imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings (CVE-2006-4481).

A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array (CVE-2006-4484).

The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read (CVE-2006-4485).

Alerts:

SuSE	SUSE-SR:2008:013	2008-06-13
Mandriva	MDVSA-2008:077	2007-03-26
SuSE	SUSE-SR:2008:005	2008-03-06
Red Hat	RHSA-2008:0146-01	2008-02-28
Fedora	FEDORA-2008-1643	2008-02-13
Foresight	FLEA-2008-0007-1	2008-02-11
Fedora	FEDORA-2008-1122	2008-02-05
Fedora	FEDORA-2008-1131	2008-02-05
SuSE	SUSE-SR:2008:003	2008-02-07
Mandriva	MDVSA-2008:038	2007-02-07
rPath	rPSA-2008-0046-1	2008-02-06
Gentoo	200802-01	2008-02-06
rPath	rPSA-2006-0182-1	2006-10-05
SuSE	SUSE-SA:2006:052	2006-09-21
Red Hat	RHSA-2006:0669-01	2006-09-21
Mandriva	MDKSA-2006:162	2006-09-07

(Log in to post comments)

php: several vulnerabilities

Posted Sep 27, 2007 17:54 UTC (Thu) by kreutzm (guest, #4700) [Link]

Debian Sarge and Etch are not vulnerable.