Rapid7 Vulnerability & Exploit Database

CESA-2006:0276: php security update

Free InsightVM Trial No credit card necessary
Watch Demo See how it all works
Back to Search

CESA-2006:0276: php security update



Updated PHP packages that fix multiple security issues are now available for CentOS Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. The phpinfo() PHP function did not properly sanitize long strings. An attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo(). (CVE-2006-0996) The html_entity_decode() PHP function was found to not be binary safe. An attacker could use this flaw to disclose a certain part of the memory. In order for this issue to be exploitable the target site would need to have a PHP script which called the "html_entity_decode()" function with untrusted input from the user and displayed the result. (CVE-2006-1490) The error handling output was found to not properly escape HTML output in certain cases. An attacker could use this flaw to perform cross-site scripting attacks against sites where both display_errors and html_errors are enabled. (CVE-2006-0208) An input validation error was found in the "mb_send_mail()" function. An attacker could use this flaw to inject arbitrary headers in a mail sent via a script calling the "mb_send_mail()" function where the "To" parameter can be controlled by the attacker. (CVE-2005-3883) A buffer overflow flaw was discovered in uw-imap, the University of Washington's IMAP Server. php-imap is compiled against the static c-client libraries from imap and therefore needed to be recompiled against the fixed version. This issue only affected CentOS Linux 3. (CVE-2005-2933). Users of PHP should upgrade to these updated packages, which contain backported patches that resolve these issues.


  • centos-upgrade-php
  • centos-upgrade-php-devel
  • centos-upgrade-php-domxml
  • centos-upgrade-php-gd
  • centos-upgrade-php-imap
  • centos-upgrade-php-ldap
  • centos-upgrade-php-mbstring
  • centos-upgrade-php-mysql
  • centos-upgrade-php-ncurses
  • centos-upgrade-php-odbc
  • centos-upgrade-php-pear
  • centos-upgrade-php-pgsql
  • centos-upgrade-php-snmp
  • centos-upgrade-php-xmlrpc

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center