Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1608

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2006-1608
Last Modified 07 Mar 2011 09:33:25
Published 10 Apr 2006 03:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-1608

Summary

The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI.

Vulnerable Systems

Application

  • Php 4.0

  • Php 4.0.0

  • Php 4.0.1

  • Php 4.0.2

  • Php 4.0.3

  • Php 4.0.4

  • Php 4.0.5

  • Php 4.0.6

  • Php 4.0.7

  • Php 4.1.0

  • Php 4.1.1

  • Php 4.1.2

  • Php 4.2

  • Php 4.2.0

  • Php 4.2.1

  • Php 4.2.2

  • Php 4.2.3

  • Php 4.3

  • Php 4.3.1

  • Php 4.3.10

  • Php 4.3.11

  • Php 4.3.2

  • Php 4.3.3

  • Php 4.3.4

  • Php 4.3.5

  • Php 4.3.6

  • Php 4.3.7

  • Php 4.3.8

  • Php 4.3.9

  • Php 4.4.0

  • Php 4.4.1

  • Php 4.4.2

  • Php 5.0

  • Php 5.0.0

  • Php 5.0.1

  • Php 5.0.2

  • Php 5.0.3

  • Php 5.0.4

  • Php 5.0.5

  • Php 5.1

  • Php 5.1.0

  • Php 5.1.1

  • Php 5.1.2


References

SREASONRES - 20060408 copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2

SECUNIA - 19599

VUPEN - ADV-2006-1290

XF - php-copy-safemode-bypass(25706)

UBUNTU - USN-320-1

BID - 17439

BUGTRAQ - 20060723 Re: new shell bypass safe mode

BUGTRAQ - 20060718 new shell bypass safe mode

BUGTRAQ - 20060409 copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2

OSVDB - 24487

MANDRIVA - MDKSA-2006:074

CONFIRM - http://us.php.net/releases/5_1_3.php

SECTRACK - 1015882

SREASON - 678

SECUNIA - 21125

SECUNIA - 19775


Last Updated: 27 May 2016 10:42:09