CVE-2006-4812 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-4812
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-4812

Description: Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/29362 UBUNTU http://www.ubuntu.com/usn/usn-362-1 TRUSTIX http://www.trustix.org/errata/2006/0055 SUSE http://lists.suse.com/archive/suse-security-announce/2006-Oct/0002.html ST 1016984 SREASON http://securityreason.com/securityalert/1691 SAID Secunia Advisory: SA22300 Secunia Advisory: SA22331 Secunia Advisory: SA22538 Secunia Advisory: SA22650 Secunia Advisory: SA22533 Secunia Advisory: SA22338 Secunia Advisory: SA22280 Secunia Advisory: SA22281 REDHAT http://rhn.redhat.com/errata/RHSA-2006-0708.html http://rhn.redhat.com/errata/RHSA-2006-0688.html OPENPKG http://www.securityfocus.com/archive/1/archive/1/448953/100/0/threaded MISC http://www.hardened-php.net/advisory_092006.133.html GENTOO http://www.gentoo.org/security/en/glsa/glsa-200610-14.xml CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162 http://support.avaya.com/elmodocs2/security/ASA-2006-234.htm http://www.hardened-php.net/files/CVE-2006-4812.patch BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/448014/100/0/threaded BID 20349

Return to the previous page.