Rapid7 Vulnerability & Exploit Database

RHSA-2006:0688: php security update

Back to Search

RHSA-2006:0688: php security update

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
10/10/2006
Created
07/25/2018
Added
12/15/2006
Modified
07/12/2017

Description

Updated PHP packages that fix multiple security issues are now available for the Red Hat Application Stack. This update has been rated as having important security impact by the Red Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. An integer overflow was discovered in the PHP memory handling routines. If a script can cause memory allocation based on untrusted user data, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user. (CVE-2006-4812) A buffer overflow was discovered in the PHP sscanf() function. If a script used the sscanf() function with positional arguments in the format string, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user. (CVE-2006-4020) An integer overflow was discovered in the PHP wordwrap() and str_repeat() functions. If a script running on a 64-bit server used either of these functions on untrusted user data, a remote attacker sending a carefully crafted request might be able to cause a heap overflow. (CVE-2006-4482) A buffer overflow was discovered in the PHP gd extension. If a script was set up to process GIF images from untrusted sources using the gd extension, a remote attacker could cause a heap overflow. (CVE-2006-4484) A buffer overread was discovered in the PHP stripos() function. If a script used the stripos() function with untrusted user data, PHP may read past the end of a buffer, which could allow a denial of service attack by a remote user. (CVE-2006-4485) An integer overflow was discovered in the PHP memory allocation handling. On 64-bit platforms, the "memory_limit" setting was not enforced correctly, which could allow a denial of service attack by a remote user. (CVE-2006-4486) These packages also contain a fix for a bug where certain input strings to the metaphone() function could cause memory corruption. Users of PHP should upgrade to these updated packages, which contain backported patches to correct these issues.

Solution(s)

  • redhat-upgrade-php
  • redhat-upgrade-php-bcmath
  • redhat-upgrade-php-dba
  • redhat-upgrade-php-devel
  • redhat-upgrade-php-gd
  • redhat-upgrade-php-imap
  • redhat-upgrade-php-ldap
  • redhat-upgrade-php-mbstring
  • redhat-upgrade-php-mysql
  • redhat-upgrade-php-ncurses
  • redhat-upgrade-php-odbc
  • redhat-upgrade-php-pdo
  • redhat-upgrade-php-pgsql
  • redhat-upgrade-php-snmp
  • redhat-upgrade-php-soap
  • redhat-upgrade-php-xml
  • redhat-upgrade-php-xmlrpc

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;