OpenPKG Corporation → Security → Security Advisories

OpenPKG Security Advisory

OpenPKG-SA-2006.028

Publisher Name:          OpenPKG GmbH
Publisher Home:          http://openpkg.com/

Advisory Id (public):    OpenPKG-SA-2006.028
Advisory Type:           OpenPKG Security Advisory (SA)
Advisory Directory:      http://openpkg.com/go/OpenPKG-SA
Advisory Document:       http://openpkg.com/go/OpenPKG-SA-2006.028
Advisory Published:      2010-02-09 17:43 UTC

Issue Id (internal):     OpenPKG-SI-20061103.01
Issue First Created:     2006-11-03
Issue Last Modified:     2006-12-08
Issue Revision:          08


Subject Name:            PHP
Subject Summary:         Personal HomePage (PHP)
Subject Home:            http://www.php.net/
Subject Versions:        * <= 5.1.6

Vulnerability Id:        CVE-2006-5465
Vulnerability Scope:     global (not OpenPKG specific)

Attack Feasibility:      run-time
Attack Vector:           remote network
Attack Impact:           arbitrary code execution

Description:
    According to a security advisory [0] from Stefan Esser of the
    Hardened-PHP project, buffer overflows exist in the programming
    language PHP [1], version 5.1.6 and below. The buffer overflows are
    in the functions htmlentities() and htmlspecialchars() and may result
    in arbitrary remote code execution.

References:
    [0] http://www.hardened-php.net/advisory_132006.138.html
    [1] http://www.php.net/


Primary Package Name:    php
Primary Package Home:    http://openpkg.org/go/package/php

Affected Distribution:   Affected Branch:  Affected Package:
OpenPKG Enterprise       E1.0-SOLID        apache-1.3.37-E1.0.0
OpenPKG Enterprise       E1.0-SOLID        php-5.1.6-E1.0.0
OpenPKG Community        2-STABLE-20061018 apache-1.3.37-2.20061018
OpenPKG Community        2-STABLE-20061018 php-5.1.6-2.20061018
OpenPKG Community        2-STABLE          apache-1.3.37-2.20061018
OpenPKG Community        2-STABLE          php-5.1.6-2.20061018
OpenPKG Community        CURRENT           apache-1.3.37-20061016
OpenPKG Community        CURRENT           php-5.1.6-20061017

Corrected Distribution:  Corrected Branch: Corrected Package:
OpenPKG Enterprise       E1.0-SOLID        apache-1.3.37-E1.0.1
OpenPKG Enterprise       E1.0-SOLID        php-5.1.6-E1.0.1
OpenPKG Community        2-STABLE-20061018 apache-1.3.37-2.20061103
OpenPKG Community        2-STABLE-20061018 php-5.2.0-2.20061103
OpenPKG Community        2-STABLE          apache-1.3.37-2.20061103
OpenPKG Community        2-STABLE          php-5.2.0-2.20061103
OpenPKG Community        CURRENT           apache-1.3.37-20061103
OpenPKG Community        CURRENT           php-5.2.0-20061103

→ Plain Text Version

Latest Advisories:
2007.023 perl
2007.022 bind
2007.021 wordpress
2007.020 php
2007.019 php
2007.018 freetype
2007.017 ratbox
2007.016 gd
2007.015 quagga
2007.014 bind
→ more...

Validation: XHTML | CSS

Organisations
Products
- OpenPKG Community
- Features
- Technology Pitch
- Package Database
- Registration
  - Registration Overview
  - Registry Service
- Download
  - Download Policy
  - Download Service
- Sales
  - Request
Services
Security
Documentation
- Flyer
- Presentation
- Showcase
- Article
- Thesis
- Tutorial
- Packaging
- F.A.Q
Community
My OpenPKG