ID |
CVE-2006-4486
|
Summary |
Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*
-
cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*
-
cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
-
cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*
-
cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*
|
CVSS |
Base: | 2.6 (as of 30-10-2018 - 16:25) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-189 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
HIGH |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE |
PARTIAL |
NONE |
|
cvss-vector
via4
|
AV:N/AC:H/Au:N/C:N/I:P/A:N
|
oval
via4
|
accepted | 2013-04-29T04:11:23.846-04:00 | class | vulnerability | contributors | name | Aharon Chernin | organization | SCAP.com, LLC |
name | Dragos Prisaca | organization | G2, Inc. |
| definition_extensions | comment | The operating system installed on the system is Red Hat Enterprise Linux 3 | oval | oval:org.mitre.oval:def:11782 |
comment | CentOS Linux 3.x | oval | oval:org.mitre.oval:def:16651 |
comment | The operating system installed on the system is Red Hat Enterprise Linux 4 | oval | oval:org.mitre.oval:def:11831 |
comment | CentOS Linux 4.x | oval | oval:org.mitre.oval:def:16636 |
comment | Oracle Linux 4.x | oval | oval:org.mitre.oval:def:15990 |
| description | Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction. | family | unix | id | oval:org.mitre.oval:def:11086 | status | accepted | submitted | 2010-07-09T03:56:16-04:00 | title | Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction. | version | 29 |
|
redhat
via4
|
advisories | bugzilla | id | 1618188 | title | CVE-2006-4486 security flaw |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 4 is installed | oval | oval:com.redhat.rhba:tst:20070304025 |
OR | AND | comment | php is earlier than 0:4.3.9-3.18 | oval | oval:com.redhat.rhsa:tst:20060669001 |
comment | php is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060276002 |
|
AND | comment | php-devel is earlier than 0:4.3.9-3.18 | oval | oval:com.redhat.rhsa:tst:20060669003 |
comment | php-devel is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060276004 |
|
AND | comment | php-domxml is earlier than 0:4.3.9-3.18 | oval | oval:com.redhat.rhsa:tst:20060669005 |
comment | php-domxml is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060276006 |
|
AND | comment | php-gd is earlier than 0:4.3.9-3.18 | oval | oval:com.redhat.rhsa:tst:20060669007 |
comment | php-gd is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060276008 |
|
AND | comment | php-imap is earlier than 0:4.3.9-3.18 | oval | oval:com.redhat.rhsa:tst:20060669009 |
comment | php-imap is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060276010 |
|
AND | comment | php-ldap is earlier than 0:4.3.9-3.18 | oval | oval:com.redhat.rhsa:tst:20060669011 |
comment | php-ldap is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060276012 |
|
AND | comment | php-mbstring is earlier than 0:4.3.9-3.18 | oval | oval:com.redhat.rhsa:tst:20060669013 |
comment | php-mbstring is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060276014 |
|
AND | comment | php-mysql is earlier than 0:4.3.9-3.18 | oval | oval:com.redhat.rhsa:tst:20060669015 |
comment | php-mysql is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060276016 |
|
AND | comment | php-ncurses is earlier than 0:4.3.9-3.18 | oval | oval:com.redhat.rhsa:tst:20060669017 |
comment | php-ncurses is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060276018 |
|
AND | comment | php-odbc is earlier than 0:4.3.9-3.18 | oval | oval:com.redhat.rhsa:tst:20060669019 |
comment | php-odbc is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060276020 |
|
AND | comment | php-pear is earlier than 0:4.3.9-3.18 | oval | oval:com.redhat.rhsa:tst:20060669021 |
comment | php-pear is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060276022 |
|
AND | comment | php-pgsql is earlier than 0:4.3.9-3.18 | oval | oval:com.redhat.rhsa:tst:20060669023 |
comment | php-pgsql is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060276024 |
|
AND | comment | php-snmp is earlier than 0:4.3.9-3.18 | oval | oval:com.redhat.rhsa:tst:20060669025 |
comment | php-snmp is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060276026 |
|
AND | comment | php-xmlrpc is earlier than 0:4.3.9-3.18 | oval | oval:com.redhat.rhsa:tst:20060669027 |
comment | php-xmlrpc is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060276028 |
|
|
|
|
| rhsa | id | RHSA-2006:0669 | released | 2006-09-21 | severity | Moderate | title | RHSA-2006:0669: php security update (Moderate) |
|
| rpms | - php-0:4.3.2-36.ent
- php-0:4.3.9-3.18
- php-debuginfo-0:4.3.2-36.ent
- php-debuginfo-0:4.3.9-3.18
- php-devel-0:4.3.2-36.ent
- php-devel-0:4.3.9-3.18
- php-domxml-0:4.3.9-3.18
- php-gd-0:4.3.9-3.18
- php-imap-0:4.3.2-36.ent
- php-imap-0:4.3.9-3.18
- php-ldap-0:4.3.2-36.ent
- php-ldap-0:4.3.9-3.18
- php-mbstring-0:4.3.9-3.18
- php-mysql-0:4.3.2-36.ent
- php-mysql-0:4.3.9-3.18
- php-ncurses-0:4.3.9-3.18
- php-odbc-0:4.3.2-36.ent
- php-odbc-0:4.3.9-3.18
- php-pear-0:4.3.9-3.18
- php-pgsql-0:4.3.2-36.ent
- php-pgsql-0:4.3.9-3.18
- php-snmp-0:4.3.9-3.18
- php-xmlrpc-0:4.3.9-3.18
- php-0:5.1.4-1.el4s1.4
- php-bcmath-0:5.1.4-1.el4s1.4
- php-dba-0:5.1.4-1.el4s1.4
- php-debuginfo-0:5.1.4-1.el4s1.4
- php-devel-0:5.1.4-1.el4s1.4
- php-gd-0:5.1.4-1.el4s1.4
- php-imap-0:5.1.4-1.el4s1.4
- php-ldap-0:5.1.4-1.el4s1.4
- php-mbstring-0:5.1.4-1.el4s1.4
- php-mysql-0:5.1.4-1.el4s1.4
- php-ncurses-0:5.1.4-1.el4s1.4
- php-odbc-0:5.1.4-1.el4s1.4
- php-pdo-0:5.1.4-1.el4s1.4
- php-pgsql-0:5.1.4-1.el4s1.4
- php-snmp-0:5.1.4-1.el4s1.4
- php-soap-0:5.1.4-1.el4s1.4
- php-xml-0:5.1.4-1.el4s1.4
- php-xmlrpc-0:5.1.4-1.el4s1.4
|
|
refmap
via4
|
|
Last major update |
30-10-2018 - 16:25 |
Published |
31-08-2006 - 21:04 |
Last modified |
30-10-2018 - 16:25 |