First published: Thu Oct 05 2006(Updated: )
PHP is an HTML-embedded scripting language commonly used with the Apache<br>HTTP Web server.<br>An integer overflow was discovered in the PHP memory handling routines. If<br>a script can cause memory allocation based on untrusted user data, a remote<br>attacker sending a carefully crafted request could execute arbitrary code<br>as the 'apache' user. (CVE-2006-4812)<br>A buffer overflow was discovered in the PHP sscanf() function. If a script<br>used the sscanf() function with positional arguments in the format string,<br>a remote attacker sending a carefully crafted request could execute<br>arbitrary code as the 'apache' user. (CVE-2006-4020)<br>An integer overflow was discovered in the PHP wordwrap() and str_repeat()<br>functions. If a script running on a 64-bit server used either of these<br>functions on untrusted user data, a remote attacker sending a carefully<br>crafted request might be able to cause a heap overflow. (CVE-2006-4482)<br>A buffer overflow was discovered in the PHP gd extension. If a script was<br>set up to process GIF images from untrusted sources using the gd extension,<br>a remote attacker could cause a heap overflow. (CVE-2006-4484)<br>A buffer overread was discovered in the PHP stripos() function. If a<br>script used the stripos() function with untrusted user data, PHP may read<br>past the end of a buffer, which could allow a denial of service attack by a<br>remote user. (CVE-2006-4485)<br>An integer overflow was discovered in the PHP memory allocation handling. <br>On 64-bit platforms, the "memory_limit" setting was not enforced correctly,<br>which could allow a denial of service attack by a remote user. (CVE-2006-4486)<br>These packages also contain a fix for a bug where certain input strings to<br>the metaphone() function could cause memory corruption.<br>Users of PHP should upgrade to these updated packages, which contain<br>backported patches to correct these issues.
Affected Software | Affected Version | How to fix |
---|
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.