Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2006-1490
Last Modified 07 Mar 2011 09:33:11
Published 29 Mar 2006 04:06:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1490

Summary

PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.

Vulnerable Systems

Application

  • Php 3.0

  • Php 3.0.1

  • Php 3.0.10

  • Php 3.0.11

  • Php 3.0.12

  • Php 3.0.13

  • Php 3.0.14

  • Php 3.0.15

  • Php 3.0.16

  • Php 3.0.17

  • Php 3.0.18

  • Php 3.0.2

  • Php 3.0.3

  • Php 3.0.4

  • Php 3.0.5

  • Php 3.0.6

  • Php 3.0.7

  • Php 3.0.8

  • Php 3.0.9

  • Php 4.0.0

  • Php 4.0.1

  • Php 4.0.2

  • Php 4.0.3

  • Php 4.0.4

  • Php 4.0.5

  • Php 4.0.6

  • Php 4.0.7

  • Php 4.1.0

  • Php 4.1.1

  • Php 4.1.2

  • Php 4.2

  • Php 4.2.0

  • Php 4.2.1

  • Php 4.2.2

  • Php 4.2.3

  • Php 4.3

  • Php 4.3.1

  • Php 4.3.10

  • Php 4.3.11

  • Php 4.3.2

  • Php 4.3.3

  • Php 4.3.4

  • Php 4.3.5

  • Php 4.3.6

  • Php 4.3.7

  • Php 4.3.8

  • Php 4.3.9

  • Php 4.4.0

  • Php 4.4.1

  • Php 4.4.2

  • Php 5.0

  • Php 5.0.0

  • Php 5.0.1

  • Php 5.0.2

  • Php 5.0.3

  • Php 5.0.4

  • Php 5.0.5

  • Php 5.1.0

  • Php 5.1.1

  • Php 5.1.2


References

CERT - TA06-333A

MISC - http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113

VUPEN - ADV-2006-4750

VUPEN - ADV-2006-2685

VUPEN - ADV-2006-1149

BUGTRAQ - 20060328 Critical PHP bug - act ASAP if you are running web with sensitive data

BUGTRAQ - 20060328 Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data

MISC - http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?view=log

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=127939

XF - php-htmlentitydecode-information-disclosure(25508)

UBUNTU - USN-320-1

TRUSTIX - 2006-0020

BID - 17296

SUSE - SUSE-SA:2006:024

MANDRIVA - MDKSA-2006:063

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm

GENTOO - GLSA-200605-08

SECUNIA - 23155

SECUNIA - 21125

SECUNIA - 20951

SECUNIA - 20210

SECUNIA - 20052

SECUNIA - 19979

SECUNIA - 19832

SECUNIA - 19570

SECUNIA - 19499

SECUNIA - 19383

REDHAT - RHSA-2006:0276

APPLE - APPLE-SA-2006-11-28

CONFIRM - http://docs.info.apple.com/article.html?artnum=304829

SGI - 20060501-01-U

Related Patches

Apple 2006-11-28 Security Update 2006-007 Mac OS X 10.4.8 (PPC)

Apple 2006-11-28 Security Update 2006-007 Mac OS X 10.4.8 Server (PPC)

Apple 2006-11-28 Security Update 2006-007 Mac OS X 10.4.8 (Intel)


Last Updated: 27 May 2016 10:42:05