VUPEN Security - Mandriva Security Update Fixes PHP Multiple Restrictions Bypass Vulnerabilities / Exploit (Security Advisories)

	Contact \| Site en Français

Vulnerabilities & Threats

VUPEN Security Advisories

Linux Security Advisories

Malware Advisories

Security Research

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> Mandriva Security Update Fixes PHP Multiple Restrictions Bypass Vulnerabilities

Title : Mandriva Security Update Fixes PHP Multiple Restrictions Bypass Vulnerabilities
VUPEN ID : VUPEN/ADV-2006-4077
CVE ID : CVE-2006-4625 - CVE-2006-5178
Rated as : Low Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-10-18

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Receive VUPEN Security alerts in a Text format

Receive VUPEN Security alerts in a PDF format

Receive VUPEN Security alerts in an XML format

Receive VUPEN Security notifications by SMS

Mandriva has released updated packages to address multiple vulnerabilities identified in PHP [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2006.0:
7b9ad6634f3b5307025b87ad98561bd4 2006.0/i586/libphp5_common5-5.0.4-9.16.20060mdk.i586.rpm
0d8236ff100de2f5302823d5ba5b2352 2006.0/i586/php-cgi-5.0.4-9.16.20060mdk.i586.rpm
2a571c3bce931c414c23cf60a7adf794 2006.0/i586/php-cli-5.0.4-9.16.20060mdk.i586.rpm
1b5cc543c1274843eaa00e72d9ee0862 2006.0/i586/php-devel-5.0.4-9.16.20060mdk.i586.rpm
7c1c90f460b51eb7675f9fa297e49db6 2006.0/i586/php-fcgi-5.0.4-9.16.20060mdk.i586.rpm
017578a23304ae4f57d24de3d3f15cd8 2006.0/SRPMS/php-5.0.4-9.16.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
2a059bc5330467dbeba77ea79b647874 2006.0/x86_64/lib64php5_common5-5.0.4-9.16.20060mdk.x86_64.rpm
3a59479574575a357e841abfbce8b143 2006.0/x86_64/php-cgi-5.0.4-9.16.20060mdk.x86_64.rpm
75e164fa3b7be5cd31d89c14e97abc7c 2006.0/x86_64/php-cli-5.0.4-9.16.20060mdk.x86_64.rpm
247d30753dfd7905dd551acddfe9ec38 2006.0/x86_64/php-devel-5.0.4-9.16.20060mdk.x86_64.rpm
30c793f9c493c8f75d554b9831adcc41 2006.0/x86_64/php-fcgi-5.0.4-9.16.20060mdk.x86_64.rpm
017578a23304ae4f57d24de3d3f15cd8 2006.0/SRPMS/php-5.0.4-9.16.20060mdk.src.rpm

Mandriva Linux 2007.0:
6fe8562e783fc7ba1ffe6004747f6ea1 2007.0/i586/libphp5_common5-5.1.6-1.2mdv2007.0.i586.rpm
9535734bceebf3f5866d88df9ce13416 2007.0/i586/php-cgi-5.1.6-1.2mdv2007.0.i586.rpm
9c205cc11ea4bd566528cf484da6a799 2007.0/i586/php-cli-5.1.6-1.2mdv2007.0.i586.rpm
ea9d3720bab8912cedb03ba031448f02 2007.0/i586/php-devel-5.1.6-1.2mdv2007.0.i586.rpm
dbfdb03f5d8959305a74bee6d01f87bb 2007.0/i586/php-fcgi-5.1.6-1.2mdv2007.0.i586.rpm
7576b12cb3591dbc2ccda6a364ad78a0 2007.0/SRPMS/php-5.1.6-1.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
1d5b9358b862e3d5a329d9e8dfdca7d6 2007.0/x86_64/lib64php5_common5-5.1.6-1.2mdv2007.0.x86_64.rpm
e761594b551c9416d3c525acd3404ec9 2007.0/x86_64/php-cgi-5.1.6-1.2mdv2007.0.x86_64.rpm
e33c203f34d05200eae7e807eb55db06 2007.0/x86_64/php-cli-5.1.6-1.2mdv2007.0.x86_64.rpm
8ff2c627456c5be71a49fe9713d7a04b 2007.0/x86_64/php-devel-5.1.6-1.2mdv2007.0.x86_64.rpm
251c46935c1137cec958766aef5940ee 2007.0/x86_64/php-fcgi-5.1.6-1.2mdv2007.0.x86_64.rpm
7576b12cb3591dbc2ccda6a364ad78a0 2007.0/SRPMS/php-5.1.6-1.2mdv2007.0.src.rpm

Corporate 3.0:
94d92ba1402025e29384e46c1e1d8417 corporate/3.0/i586/libphp_common432-4.3.4-4.21.C30mdk.i586.rpm
24b459dc2a595622306ffa6dd81110eb corporate/3.0/i586/php432-devel-4.3.4-4.21.C30mdk.i586.rpm
dbcf46a2ea6ec148aef9def41559cb2c corporate/3.0/i586/php-cgi-4.3.4-4.21.C30mdk.i586.rpm
c20d060d73d89bab88e20a1d2b7eb317 corporate/3.0/i586/php-cli-4.3.4-4.21.C30mdk.i586.rpm
2f30a3b70a2a71033239ab9f1a225007 corporate/3.0/SRPMS/php-4.3.4-4.21.C30mdk.src.rpm

Corporate 3.0/X86_64:
6a8d26121ca42d6412027e782ab3155e corporate/3.0/x86_64/lib64php_common432-4.3.4-4.21.C30mdk.x86_64.rpm
f57e2926bd5720c4a701c30eff89c3d9 corporate/3.0/x86_64/php432-devel-4.3.4-4.21.C30mdk.x86_64.rpm
6bc7d2d669a7de8488a916daca0f9537 corporate/3.0/x86_64/php-cgi-4.3.4-4.21.C30mdk.x86_64.rpm
36a84a2b19392ac8fc233f284fefd4b1 corporate/3.0/x86_64/php-cli-4.3.4-4.21.C30mdk.x86_64.rpm
2f30a3b70a2a71033239ab9f1a225007 corporate/3.0/SRPMS/php-4.3.4-4.21.C30mdk.src.rpm

Corporate 4.0:
9a16fa6647a207b0b1bb83d3ffa9c0a7 corporate/4.0/i586/libphp4_common4-4.4.4-1.1.20060mlcs4.i586.rpm
cf05e55a175a6ef9082f921138e075d8 corporate/4.0/i586/libphp5_common5-5.1.6-1.1.20060mlcs4.i586.rpm
e21a56860c5b39ad4d0a973d0b5c04ae corporate/4.0/i586/php4-cgi-4.4.4-1.1.20060mlcs4.i586.rpm
80ace134c6d464d2eae73f412792f824 corporate/4.0/i586/php4-cli-4.4.4-1.1.20060mlcs4.i586.rpm
41eb1b206d4ee9fc4e7a9536fe736e71 corporate/4.0/i586/php4-devel-4.4.4-1.1.20060mlcs4.i586.rpm
59f2320d9b1a149bde3addd9e6cd6f62 corporate/4.0/i586/php-cgi-5.1.6-1.1.20060mlcs4.i586.rpm
20a49834ba864b820956b8758cecbfe4 corporate/4.0/i586/php-cli-5.1.6-1.1.20060mlcs4.i586.rpm
a02cc4ffa1999da4ee3479b0af25972b corporate/4.0/i586/php-devel-5.1.6-1.1.20060mlcs4.i586.rpm
4e4d849a1af4e2d74175ee0492585472 corporate/4.0/i586/php-fcgi-5.1.6-1.1.20060mlcs4.i586.rpm
8d0b699e033d7032f7a7395c09db0d8d corporate/4.0/SRPMS/php4-4.4.4-1.1.20060mlcs4.src.rpm
ebb91921a4759e8f8c796a76b19903e0 corporate/4.0/SRPMS/php-5.1.6-1.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
88081e7ca8787e0c3a28bf09b8a3b276 corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.1.20060mlcs4.x86_64.rpm
06b0f4c04cc26c495421ad45dd54fbef corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.1.20060mlcs4.x86_64.rpm
a978e89b61aebec8ab614f5fae97610b corporate/4.0/x86_64/php4-cgi-4.4.4-1.1.20060mlcs4.x86_64.rpm
f63d42fbfadba50cc664e6e1d45cd75b corporate/4.0/x86_64/php4-cli-4.4.4-1.1.20060mlcs4.x86_64.rpm
8ffc4994ae4916f3f02affe22e34506d corporate/4.0/x86_64/php4-devel-4.4.4-1.1.20060mlcs4.x86_64.rpm
973b5ad29c8824382bdc590938275edb corporate/4.0/x86_64/php-cgi-5.1.6-1.1.20060mlcs4.x86_64.rpm
db0a9003ca5f6a0a45e480755a32a6c9 corporate/4.0/x86_64/php-cli-5.1.6-1.1.20060mlcs4.x86_64.rpm
18aa080e3686268e6127857c354cda6a corporate/4.0/x86_64/php-devel-5.1.6-1.1.20060mlcs4.x86_64.rpm
f3a6f93b353b9d4bdbf45f0d90b31d3f corporate/4.0/x86_64/php-fcgi-5.1.6-1.1.20060mlcs4.x86_64.rpm
8d0b699e033d7032f7a7395c09db0d8d corporate/4.0/SRPMS/php4-4.4.4-1.1.20060mlcs4.src.rpm
ebb91921a4759e8f8c796a76b19903e0 corporate/4.0/SRPMS/php-5.1.6-1.1.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
0658393ea4e410043f9870bd7c501c94 mnf/2.0/i586/libphp_common432-4.3.4-4.21.M20mdk.i586.rpm
bd00bdb12dd43728047dff4eda4e31bf mnf/2.0/i586/php432-devel-4.3.4-4.21.M20mdk.i586.rpm
d7a103f7ec687688b117d1ed1193ef47 mnf/2.0/i586/php-cgi-4.3.4-4.21.M20mdk.i586.rpm
872e6981783ce2afe256210322997b5c mnf/2.0/i586/php-cli-4.3.4-4.21.M20mdk.i586.rpm
30afbb282708f88fb06eb0b1fd2ae371 mnf/2.0/SRPMS/php-4.3.4-4.21.M20mdk.src.rpm

ChangeLog

2006-10-18 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

Vulnerability Alerting

Free 14-Day Trial

News

>> 2008-12-09

Two Zero-Day Vulnerabilities
Discovered in Windows

>> 2008-12-09

Microsoft Patched Twenty
Eight Vulnerabilities

More Informations