Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3017

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2006-3017
Last Modified 15 Sep 2010 12:00:00
Published 14 Jun 2006 07:02:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-3017

Summary

zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations.

Vulnerable Systems

Application

  • Php 3.0

  • Php 3.0.1

  • Php 3.0.10

  • Php 3.0.11

  • Php 3.0.12

  • Php 3.0.13

  • Php 3.0.14

  • Php 3.0.15

  • Php 3.0.16

  • Php 3.0.17

  • Php 3.0.18

  • Php 3.0.2

  • Php 3.0.3

  • Php 3.0.4

  • Php 3.0.5

  • Php 3.0.6

  • Php 3.0.7

  • Php 3.0.8

  • Php 3.0.9

  • Php 4.0

  • Php 4.0.0

  • Php 4.0.1

  • Php 4.0.2

  • Php 4.0.3

  • Php 4.0.4

  • Php 4.0.5

  • Php 4.0.6

  • Php 4.0.7

  • Php 4.1.0

  • Php 4.1.1

  • Php 4.1.2

  • Php 4.2

  • Php 4.2.0

  • Php 4.2.1

  • Php 4.2.2

  • Php 4.2.3

  • Php 4.3

  • Php 4.3.1

  • Php 4.3.10

  • Php 4.3.11

  • Php 4.3.2

  • Php 4.3.3

  • Php 4.3.4

  • Php 4.3.5

  • Php 4.3.6

  • Php 4.3.7

  • Php 4.3.8

  • Php 4.3.9

  • Php 4.4.0

  • Php 4.4.1

  • Php 4.4.2

  • Php 5.0

  • Php 5.0.0

  • Php 5.0.1

  • Php 5.0.2

  • Php 5.0.3

  • Php 5.0.4

  • Php 5.0.5

  • Php 5.1

  • Php 5.1.0

  • Php 5.1.1

  • Php 5.1.2

  • Php Pl1


References

CONFIRM - https://issues.rpath.com/browse/RPL-683

XF - php-zendhashdel-unspecified(27396)

UBUNTU - USN-320-1

TURBO - TLSA-2006-38

BID - 17843

BUGTRAQ - 20061005 rPSA-2006-0182-1 php php-mysql php-pgsql

BUGTRAQ - 20060806 PHP: Zend_Hash_Del_Key_Or_Index Vulnerability

REDHAT - RHSA-2006:0568

REDHAT - RHSA-2006:0567

CONFIRM - http://www.php.net/release_5_1_3.php

OSVDB - 26466

OSVDB - 25255

SUSE - SUSE-SA:2006:034

SUSE - SUSE-SA:2006:031

MANDRIVA - MDKSA-2006:122

MISC - http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html

DEBIAN - DSA-1206

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm

SECTRACK - 1016649

SECTRACK - 1016306

SECUNIA - 22713

SECUNIA - 22225

SECUNIA - 21723

SECUNIA - 21252

SECUNIA - 21202

SECUNIA - 21135

SECUNIA - 21125

SECUNIA - 21050

SECUNIA - 21031

SECUNIA - 19927

REDHAT - RHSA-2006:0549

CONFIRM - http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log

CONFIRM - http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2

SGI - 20060701-01-U


Last Updated: 27 May 2016 10:42:51