CERT-In Advisory CIAD-2006-35
Multiple vulnerabilities in PHP

Original issue date: September 26, 2006

Severity Rating: High

Systems Affected

  • PHP version 4.4.3 and prior
  • PHP version 5.1.4 and prior

Overview

Multiple vulnerabilities have been reported in PHP which could be exploited by remote attackers to run arbitrary code on the affected system or to cause a denial of service.

Description

1. Unspecified vulnerability in PHP session handler (CVE-2006-3016)

An unspecified vulnerability has been reported in session.c in PHP which could be exploited by remote attackers for attacks ranging from cross-site scripting to HTTP response splitting.

2. PHP "sscanf()" Format Specifier Handling Vulnerability (CVE-2006-4020)

An array index error vulnerability has been reported in PHP due to an error in the "sscanf()" PHP function while processing format specifiers. This could be exploited by remote attackers to execute arbitrary code and bypass security restrictions.

3. Integer overflow vulnerability in PHP (CVE-2006-4482)

An integer overflow vulnerability has been reported in the "str_repeat()" and "wordwrap()" functions on 64-bit systems. A remote attacker could exploit the vulnerability by sending a crafted request to the affected system to cause a heap overflow.

4. Buffer overflow vulnerability in PHP (CVE-2006-4484)

A buffer overflow vulnerability has been reported in the "LWZReadByte_()" function in ext/gd/libgd/gd_gif_in.c. A remote attacker could exploit it to execute arbitrary code by having a script that uses the gd extension process an untrusted GIF file, causing a heap overflow on the affected system.

5. Memory_limit restriction vulnerability in PHP (CVE-2006-4486)

A vulnerability has been reported in PHP due to an integer overflow in the memory allocation routine when running on a 64-bit system. An attacker could exploit the vulnerability to cause a denial of service on the affected system.

Solution

Upgrade to PHP version 4.4.4 or 5.1.5
http://www.php.net/downloads.php
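
To apply the affected-version ranges and fixed releases above across a set of hosts, the following added example (not part of the original advisory and not PHP project code) classifies version strings such as the first line of `php -v` output. The host names and the inventory format are hypothetical, constructed for illustration.

```sh
#!/bin/sh
# Added example (not CERT-In or PHP project code): triage PHP version strings
# against this advisory. Fixed releases per the Solution section: 4.4.4, 5.1.5.
# Caveat: vendor packages may backport fixes without changing the upstream
# version, so "affected" here means "check the vendor erratum", not "unpatched".

# Turn "PHP 5.1.4 (cli)" or "5.1.4-pl1" into 50104; fail if no x.y.z is found.
php_version_num() {
    v=$(printf '%s\n' "$1" | sed -n \
        's/^[^0-9]*0*\([0-9][0-9]*\)\.0*\([0-9][0-9]*\)\.0*\([0-9][0-9]*\).*$/\1 \2 \3/p')
    [ -n "$v" ] || return 1
    set -- $v
    echo $(( $1 * 10000 + $2 * 100 + $3 ))
}

# Print "affected", "not-listed" or "unparsed" for one version string.
php_advisory_status() {
    n=$(php_version_num "$1") || { echo unparsed; return 0; }
    if [ "$n" -lt 40404 ]; then                            # 4.4.3 and prior
        echo affected
    elif [ "$n" -ge 50000 ] && [ "$n" -lt 50105 ]; then    # 5.x up to 5.1.4
        echo affected
    else
        echo not-listed
    fi
}

# Read "host version" lines on stdin and append the status to each.
triage_inventory() {
    while read -r host version; do
        [ -n "$host" ] || continue
        printf '%s %s %s\n' "$host" "$version" "$(php_advisory_status "$version")"
    done
}

# Constructed sample inventory (hypothetical hosts).
sample_inventory() {
    cat <<'EOF'
web01 4.4.3
web02 4.4.4
app01 5.1.4-pl1
app02 5.1.5
legacy01 4.3.11
batch01 n/a
EOF
}

sample_inventory | triage_inventory
```

Hosts reported as "unparsed" need a manual check; "not-listed" only means the version falls outside the ranges this advisory names.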

Vendor Information

PHP
http://www.php.net

References

Red Hat
https://rhn.redhat.com/errata/RHSA-2006-0669.html

FrSIRT ADV-2006-3729
http://www.frsirt.com/english/advisories/2006/3729

Secunia
http://secunia.com/advisories/19927
http://secunia.com/advisories/21403
http://secunia.com/advisories/21546

CVE Name

CVE-2006-3016
CVE-2006-4020
CVE-2006-4482
CVE-2006-4484
CVE-2006-4486

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003