Rapid7 Vulnerability & Exploit Database

SUSE-SA:2005:051: php4, php5 remote code execution

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SUSE-SA:2005:051: php4, php5 remote code execution

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

09/05/2005

Created

07/25/2018

Added

11/08/2005

Modified

11/18/2015

Description

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

Solution(s)

References

https://attackerkb.com/topics/cve-2005-1921
APPLE-SA-2005-11-29
14088
14560
14620
15647
CVE - 2005-1921
CVE - 2005-2491
CVE - 2005-2498
DSA-745
DSA-746
DSA-747
DSA-789
DSA-798
DSA-800
DSA-817
DSA-819
DSA-821
DSA-840
DSA-842
MDKSA-2005:109
OVAL11294
OVAL11516
OVAL1496
OVAL1659
OVAL350
OVAL735
OVAL9569
RHSA-2005:358
RHSA-2005:564
RHSA-2005:748
RHSA-2005:761
RHSA-2006:0197
20060401-01-U
SUSE-SA:2005:041
SUSE-SA:2005:048
SUSE-SA:2005:049
SUSE-SA:2005:051
SUSE-SA:2005:052
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
http://marc.theaimsgroup.com/?l=bugtraq&m=112008638320145&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=112015336720867&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=112412415822890&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=112431497300344&w=2
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1496
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1659
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:350
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:735
http://pear.php.net/package/XML_RPC/download/1.3.1
http://securityreason.com/securityalert/604
http://sourceforge.net/project/showfiles.php?group_id=87163
http://sourceforge.net/project/shownotes.php?release_id=338803
http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf
http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm
http://www.ampache.org/announce/3_3_1_2.php
http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt
http://www.ethereal.com/appnotes/enpa-sa-00021.html
http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html
http://www.frsirt.com/english/advisories/2005/1511
http://www.frsirt.com/english/advisories/2005/2659
http://www.frsirt.com/english/advisories/2005/2827
http://www.frsirt.com/english/advisories/2006/0789
http://www.frsirt.com/english/advisories/2006/4320
http://www.frsirt.com/english/advisories/2006/4502
http://www.gulftech.org/?node=research&article_id=00087-07012005
http://www.hardened-php.net/advisory-022005.php
http://www.hardened-php.net/advisory_152005.67.html
http://www.novell.com/linux/security/advisories/2005_51_php.html
http://www.php.net/release_4_4_1.php
http://www.securityfocus.com/archive/1/408125
http://www.securityfocus.com/archive/1/archive/1/419064/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/427046/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/428138/100/0/threaded

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;