CVE-2006-4486

Description

Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction.

References

ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc

http://rhn.redhat.com/errata/RHSA-2006-0688.html

http://secunia.com/advisories/21546

http://secunia.com/advisories/22004

http://secunia.com/advisories/22069

http://secunia.com/advisories/22225

http://secunia.com/advisories/22331

http://secunia.com/advisories/22440

http://secunia.com/advisories/22487

http://secunia.com/advisories/22538

http://secunia.com/advisories/25945

http://securitytracker.com/id?1016984

http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm

http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm

http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm

http://www.debian.org/security/2007/dsa-1331

http://www.hardened-php.net/hphp/changelog.html#hardening_patch_0.4.14

http://www.novell.com/linux/security/advisories/2006_52_php.html

http://www.php.net/ChangeLog-5.php#5.1.6

http://www.php.net/release_5_1_6.php

http://www.redhat.com/support/errata/RHSA-2006-0669.html

http://www.redhat.com/support/errata/RHSA-2006-0682.html

http://www.securityfocus.com/archive/1/447866/100/0/threaded

http://www.securityfocus.com/bid/19582

http://www.turbolinux.com/security/2006/TLSA-2006-38.txt

http://www.ubuntu.com/usn/usn-362-1

https://issues.rpath.com/browse/RPL-683

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11086

Details

Source: MITRE

Published: 2006-08-31

Updated: 2018-10-30

Type: CWE-189

Risk Information

CVSS v2

Base Score: 2.6

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 4.9

Severity: LOW

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 67421 | Oracle Linux 4 : php (ELSA-2006-0730 / ELSA-2006-0669) | Nessus | Oracle Linux Local Security Checks | high |
| 4444 | PHP 5.x < 5.2.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
| 31649 | PHP 5.x < 5.2 Multiple Vulnerabilities | Nessus | CGI abuses | high |
| 27942 | Ubuntu 5.04 / 5.10 / 6.06 LTS : php4, php5 vulnerabilities (USN-362-1) | Nessus | Ubuntu Local Security Checks | critical |
| 25678 | Debian DSA-1331-1 : php4 - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 3732 | PHP 4.x < 4.4.4 / 5.x < 5.1.4 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium |
| 22444 | RHEL 2.1 : php (RHSA-2006:0682) | Nessus | Red Hat Local Security Checks | high |
| 22443 | RHEL 3 / 4 : php (RHSA-2006:0669) | Nessus | Red Hat Local Security Checks | high |
| 22423 | CentOS 3 / 4 : php (CESA-2006:0669) | Nessus | CentOS Local Security Checks | high |
| 22343 | FreeBSD : php -- multiple vulnerabilities (ea09c5df-4362-11db-81e1-000e0c2e438a) | Nessus | FreeBSD Local Security Checks | critical |
| 22053 | Mandrake Linux Security Advisory : php (MDKSA-2006:122) | Nessus | Mandriva Local Security Checks | critical |
| 801073 | PHP < 4.4.4 / 5.1.4 Multiple Vulnerabilities | Log Correlation Engine | Web Servers | high |