Vulnerability CVE-2006-2563


Published: 2006-05-29   Modified: 2011-03-07

Description:
The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters.

See advisories in our WLB2 database:
Topic
Author
Date
High
cURL Safe Mode Bypass PHP 4.4.2 and 5.1.4
Maksymilian Arci...
27.05.2006

Vendor: PHP
Product: PHP 
Version: 5.1.4; 4.4.2;

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://www.vupen.com/english/advisories/2006/2055
http://www.securityfocus.com/bid/18116
http://xforce.iss.net/xforce/xfdb/26764
http://www.novell.com/linux/security/advisories/2006_52_php.html
http://www.novell.com/linux/security/advisories/2006_22_sr.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
http://securitytracker.com/id?1016175
http://securityreason.com/securityalert/959
http://securityreason.com/achievement_securityalert/39
http://secunia.com/advisories/22039
http://secunia.com/advisories/21847
http://secunia.com/advisories/21050
http://secunia.com/advisories/20337

Related CVE
CVE-2017-12934
ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have a...
CVE-2017-12933
The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecifie...
CVE-2017-12932
ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array s...
CVE-2017-7890
The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitia...
CVE-2017-11628
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant...
CVE-2017-11362
In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have...
CVE-2017-11147
In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile fu...
CVE-2017-11146
In PHP through 5.6.31, 7.x through 7.0.21, and 7.1.x through 7.1.7, lack of bounds checks in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related t...

Copyright 2017, cxsecurity.com

 

Back to Top