User: Password:
Subscribe / Log in / New account

php: several vulnerabilities

Package(s):php CVE #(s):CVE-2006-4481 CVE-2006-4484 CVE-2006-4485
Created:September 8, 2006 Updated:June 13, 2008
Description: The file_exists and imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings (CVE-2006-4481).

A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array (CVE-2006-4484).

The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read (CVE-2006-4485).

SuSE SUSE-SR:2008:013 thunderbird, xulrunner, tkimg, cups, qemu, gstreamer010-plugins-good, pan, libxslt 2008-06-13
Mandriva MDVSA-2008:077 perl-Tk 2007-03-26
SuSE SUSE-SR:2008:005 acroread, asterisk, cacti, compat-openssl097g, icu, libcdio, wireshark/ethereal, Jakarta, perl-tk 2008-03-06
Red Hat RHSA-2008:0146-01 gd 2008-02-28
Fedora FEDORA-2008-1643 graphviz 2008-02-13
Foresight FLEA-2008-0007-1 gd 2008-02-11
Fedora FEDORA-2008-1122 tk 2008-02-05
Fedora FEDORA-2008-1131 tk 2008-02-05
SuSE SUSE-SR:2008:003 java, nss_ldap, cairo, geronimo, moodle, SDL_image, python, mysql, nx, xemacs 2008-02-07
Mandriva MDVSA-2008:038 gd 2007-02-07
rPath rPSA-2008-0046-1 gd 2008-02-06
Gentoo 200802-01 sdl-image 2008-02-06
rPath rPSA-2006-0182-1 php 2006-10-05
SuSE SUSE-SA:2006:052 php4,php5 2006-09-21
Red Hat RHSA-2006:0669-01 PHP 2006-09-21
Mandriva MDKSA-2006:162 php 2006-09-07

(Log in to post comments)

php: several vulnerabilities

Posted Sep 27, 2007 17:54 UTC (Thu) by kreutzm (guest, #4700) [Link]

Debian Sarge and Etch are not vulnerable.

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds