Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1990

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-1990
Last Modified 07 Mar 2011 09:34:45
Published 24 Apr 2006 07:02:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1990

Summary

Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396.

Vulnerable Systems

Application

  • Php 4.4.2

  • Php 5.1.2


References

CERT - TA06-333A

VUPEN - ADV-2006-4750

VUPEN - ADV-2006-1500

MANDRIVA - MDKSA-2006:091

MISC - http://www.infigo.hr/en/in_focus/advisories/INFIGO-2006-04-02

CONFIRM - https://issues.rpath.com/browse/RPL-683

XF - php-wordwrap-string-bo(26001)

UBUNTU - USN-320-1

TURBO - TLSA-2006-38

BUGTRAQ - 20061005 rPSA-2006-0182-1 php php-mysql php-pgsql

REDHAT - RHSA-2006:0568

REDHAT - RHSA-2006:0501

SUSE - SUSE-SA:2006:031

MANDRIVA - MDKSA-2006:122

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm

SECTRACK - 1015979

GENTOO - GLSA-200605-08

SECUNIA - 23155

SECUNIA - 22225

SECUNIA - 21723

SECUNIA - 21564

SECUNIA - 21252

SECUNIA - 21135

SECUNIA - 21125

SECUNIA - 21050

SECUNIA - 21031

SECUNIA - 20676

SECUNIA - 20269

SECUNIA - 20222

SECUNIA - 20052

SECUNIA - 19803

REDHAT - RHSA-2006:0549

APPLE - APPLE-SA-2006-11-28

CONFIRM - http://docs.info.apple.com/article.html?artnum=304829

SGI - 20060701-01-U

Related Patches

Apple 2006-11-28 Security Update 2006-007 Mac OS X 10.4.8 (PPC)

Apple 2006-11-28 Security Update 2006-007 Mac OS X 10.4.8 Server (PPC)

Apple 2006-11-28 Security Update 2006-007 Mac OS X 10.4.8 (Intel)


Last Updated: 27 May 2016 10:42:16