CVE-2006-3017 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-3017
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-3017

Description: zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.4 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/27396 UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-320-1 TURBO http://www.turbolinux.com/security/2006/TLSA-2006-38.txt SUSE http://www.novell.com/linux/security/advisories/2006_34_php4.html http://www.novell.com/linux/security/advisories/2006_31_php.html ST 1016306 1016649 SGI SAID Secunia Advisory: SA22225 Secunia Advisory: SA21723 Secunia Advisory: SA21252 Secunia Advisory: SA21202 Secunia Advisory: SA21135 Secunia Advisory: SA21031 Secunia Advisory: SA21050 Secunia Advisory: SA19927 Secunia Advisory: SA22713 Secunia Advisory: SA21125 REDHAT http://rhn.redhat.com/errata/RHSA-2006-0549.html http://www.redhat.com/support/errata/RHSA-2006-0567.html http://www.redhat.com/support/errata/RHSA-2006-0568.html OSVDB 25255 26466 MISC http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:122 FULLDISC http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html DEBIAN http://www.debian.org/security/2006/dsa-1206 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm http://www.php.net/release_5_1_3.php http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2 http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/447866/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/442437/100/0/threaded BID 17843

Return to the previous page.