CVE-2006-1990 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-1990
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-1990

Description: Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/26001 UBUNTU http://www.ubuntu.com/usn/usn-320-1 TURBO http://www.turbolinux.com/security/2006/TLSA-2006-38.txt SUSE http://www.novell.com/linux/security/advisories/2006_31_php.html ST 1015979 SGI SAID Secunia Advisory: SA23155 Secunia Advisory: SA22225 Secunia Advisory: SA21723 Secunia Advisory: SA21564 Secunia Advisory: SA21252 Secunia Advisory: SA21135 Secunia Advisory: SA21031 Secunia Advisory: SA21050 Secunia Advisory: SA20269 Secunia Advisory: SA20222 Secunia Advisory: SA19803 Secunia Advisory: SA20052 Secunia Advisory: SA20676 Secunia Advisory: SA21125 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0568.html http://rhn.redhat.com/errata/RHSA-2006-0549.html http://www.redhat.com/support/errata/RHSA-2006-0501.html MISC http://www.infigo.hr/en/in_focus/advisories/INFIGO-2006-04-02 MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:122 http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:091 MANDRAKE http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:091 GENTOO http://security.gentoo.org/glsa/glsa-200605-08.xml CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm http://docs.info.apple.com/article.html?artnum=304829 CERT http://www.us-cert.gov/cas/techalerts/TA06-333A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/447866/100/0/threaded APPLE http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html

Return to the previous page.