CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS: 0.054 Low (Percentile: 93.2%)

CentOS Errata and Security Advisory CESA-2006:0567-01

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A flaw was found in the zend_hash_del() PHP function. For PHP scripts that
rely on the use of the unset() function, a remote attacker could force
variable initialization to be bypassed. This would be a security issue
particularly for installations that enable the “register_globals” setting.
“register_globals” is disabled by default in Red Hat Enterprise Linux.
(CVE-2006-3017)

A directory traversal vulnerability was found in PHP. Local users could
bypass open_basedir restrictions allowing remote attackers to create files
in arbitrary directories via the tempnam() function. (CVE-2006-1494)

A flaw was found in the PHP IMAP MIME header decoding function. An
attacker could craft a message with an overly long header which caused
PHP to crash. (CVE-2002-2214)

Users of PHP should upgrade to these updated packages, which contain
backported patches that resolve these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-July/075232.html
Affected packages:
php
php-devel
php-imap
php-ldap
php-manual
php-mysql
php-odbc
php-pgsql
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | php | < 4.1.2-2.8 | php-4.1.2-2.8.i386.rpm |
CentOS | 2 | i386 | php-devel | < 4.1.2-2.8 | php-devel-4.1.2-2.8.i386.rpm |
CentOS | 2 | i386 | php-imap | < 4.1.2-2.8 | php-imap-4.1.2-2.8.i386.rpm |
CentOS | 2 | i386 | php-ldap | < 4.1.2-2.8 | php-ldap-4.1.2-2.8.i386.rpm |
CentOS | 2 | i386 | php-manual | < 4.1.2-2.8 | php-manual-4.1.2-2.8.i386.rpm |
CentOS | 2 | i386 | php-mysql | < 4.1.2-2.8 | php-mysql-4.1.2-2.8.i386.rpm |
CentOS | 2 | i386 | php-odbc | < 4.1.2-2.8 | php-odbc-4.1.2-2.8.i386.rpm |
CentOS | 2 | i386 | php-pgsql | < 4.1.2-2.8 | php-pgsql-4.1.2-2.8.i386.rpm |
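
One way to check a host's package inventory against the table above, as an added example that is not part of the advisory. The function names and the sample inventory are constructed for illustration, and the comparison is a simplified form of RPM's version ordering that ignores epochs and the `~`/`^` modifiers, which these package versions do not use.

```python
import re

# Values copied from the advisory table (CentOS 2, i386).
FIXED_EVR = "4.1.2-2.8"
AFFECTED = {"php", "php-devel", "php-imap", "php-ldap",
            "php-manual", "php-mysql", "php-odbc", "php-pgsql"}

def _cmp_part(a, b):
    """Compare one version or release string segment by segment, rpm-style."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric: 10 > 8, unlike a string compare
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return -1 if x < y else 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def evr_cmp(a, b):
    """Return -1, 0 or 1 for two 'version-release' strings (no epoch)."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def vulnerable_packages(installed):
    """installed maps package name -> 'version-release', e.g. parsed from
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\\n' output."""
    return sorted(name for name, evr in installed.items()
                  if name in AFFECTED and evr_cmp(evr, FIXED_EVR) < 0)

# Constructed sample inventory, not taken from a real host.
SAMPLE_INVENTORY = {
    "php": "4.1.2-2.6",         # older than the fix
    "php-ldap": "4.1.2-2.1",    # older than the fix
    "php-imap": "4.1.2-2.8",    # exactly the fixed build
    "php-mysql": "4.1.2-2.10",  # newer; a plain string compare would misjudge this
    "httpd": "1.3.27-1",        # not covered by this advisory
}

if __name__ == "__main__":
    for pkg in vulnerable_packages(SAMPLE_INVENTORY):
        print(f"{pkg} {SAMPLE_INVENTORY[pkg]} is older than {FIXED_EVR}: upgrade")
```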