First published: Thu Sep 21 2006(Updated: )
PHP is an HTML-embedded scripting language commonly used with the Apache<br>HTTP Web server.<br>A response-splitting issue was discovered in the PHP session handling. If<br>a remote attacker can force a carefully crafted session identifier to be<br>used, a cross-site-scripting or response-splitting attack could be<br>possible. (CVE-2006-3016)<br>A buffer overflow was discovered in the PHP sscanf() function. If a script<br>used the sscanf() function with positional arguments in the format string,<br>a remote attacker sending a carefully crafted request could execute<br>arbitrary code as the 'apache' user. (CVE-2006-4020)<br>An integer overflow was discovered in the PHP wordwrap() and str_repeat()<br>functions. If a script running on a 64-bit server used either of these<br>functions on untrusted user data, a remote attacker sending a carefully<br>crafted request might be able to cause a heap overflow. (CVE-2006-4482)<br>A buffer overflow was discovered in the PHP gd extension. If a script was<br>set up to process GIF images from untrusted sources using the gd extension,<br>a remote attacker could cause a heap overflow. (CVE-2006-4484)<br>An integer overflow was discovered in the PHP memory allocation handling. <br>On 64-bit platforms, the "memory_limit" setting was not enforced correctly,<br>which could allow a denial of service attack by a remote user. (CVE-2006-4486)<br>Users of PHP should upgrade to these updated packages which contain<br>backported patches to correct these issues. These packages also contain a<br>fix for a bug where certain input strings to the metaphone() function could<br>cause memory corruption.
Affected Software | Affected Version | How to fix |
---|
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.