Contact | Site en Français               

 


 

Vulnerabilities & Threats
 
  VUPEN Security Advisories
  Linux Security Advisories

  Malware Advisories
  Security Research
  Threat Watch Blog
  Zero-Day Monitor
  Search Engine
  Mailing List & RSS
 
   

>> Mandriva Security Update Fixes PHP Remote Command Execution Vulnerabilities

Title : Mandriva Security Update Fixes PHP Remote Command Execution Vulnerabilities
VUPEN ID : VUPEN/ADV-2006-4324
CVE ID : CVE-2006-5465
Rated as : Critical 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-11-03

Technical Description    Receive VUPEN Security alerts in a Text format  Receive VUPEN Security alerts in a PDF format  Receive VUPEN Security alerts in an XML format  Receive VUPEN Security notifications by SMS 

Mandriva has released security updates to address multiple vulnerabilities identified in PHP. These issues could be exploited by attackers to execute arbitrary commands or bypass security restrictions. For additional information, see : VUPEN/ADV-2006-4317

Affected Products

Mandriva Linux 2006.0
Mandriva Linux 2007.0
Mandriva Corporate 4.0
Mandriva Corporate 3.0
Multi Network Firewall 2.0

Solution

Upgrade the affected packages :

Mandriva Linux 2006.0:
8ae019c38dca51a9337f4d5458789998 2006.0/i586/libphp5_common5-5.0.4-9.17.20060mdk.i586.rpm
89764f16b9cd1633f5493ed3d132e66b 2006.0/i586/php-cgi-5.0.4-9.17.20060mdk.i586.rpm
c595ac93489ded728816bb6fe22af554 2006.0/i586/php-cli-5.0.4-9.17.20060mdk.i586.rpm
356e13c13453e8a386d9e3da81b0a378 2006.0/i586/php-devel-5.0.4-9.17.20060mdk.i586.rpm
48f41b59e68f594918b1885a3c9c0a6b 2006.0/i586/php-fcgi-5.0.4-9.17.20060mdk.i586.rpm
f72d50220e83c73973ec1bfe1257b0e9 2006.0/SRPMS/php-5.0.4-9.17.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
18b1ca183e03ce34b599d6108277209a 2006.0/x86_64/lib64php5_common5-5.0.4-9.17.20060mdk.x86_64.rpm
abd014a9856e9b5c77e8a05fb3c34e40 2006.0/x86_64/php-cgi-5.0.4-9.17.20060mdk.x86_64.rpm
6379ac6c6e3191f65e6b9d5836ae3c31 2006.0/x86_64/php-cli-5.0.4-9.17.20060mdk.x86_64.rpm
ce8df1e1bcf4392d99b84af60da3944b 2006.0/x86_64/php-devel-5.0.4-9.17.20060mdk.x86_64.rpm
940e32735642c94069c98b2c4ba20af5 2006.0/x86_64/php-fcgi-5.0.4-9.17.20060mdk.x86_64.rpm
f72d50220e83c73973ec1bfe1257b0e9 2006.0/SRPMS/php-5.0.4-9.17.20060mdk.src.rpm

Mandriva Linux 2007.0:
a410da63de208fc194368b890aa0364d 2007.0/i586/libphp5_common5-5.1.6-1.3mdv2007.0.i586.rpm
3dcfafde63b2678052b4aa1f6828b2e4 2007.0/i586/php-cgi-5.1.6-1.3mdv2007.0.i586.rpm
a2c1f77cac12a533e1f955d16ba481b6 2007.0/i586/php-cli-5.1.6-1.3mdv2007.0.i586.rpm
042fe335cea18315607c5a89e5aa760a 2007.0/i586/php-devel-5.1.6-1.3mdv2007.0.i586.rpm
4bb82eaf337acdd66124b1ca0ee517c3 2007.0/i586/php-fcgi-5.1.6-1.3mdv2007.0.i586.rpm
ba7910d7b21effc105bb5f72628145aa 2007.0/SRPMS/php-5.1.6-1.3mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
02c03b58ab4972b1db6355136efcbc95 2007.0/x86_64/lib64php5_common5-5.1.6-1.3mdv2007.0.x86_64.rpm
338064ee4822681c6bb3118197190aa0 2007.0/x86_64/php-cgi-5.1.6-1.3mdv2007.0.x86_64.rpm
6aec88f1f6a23b305d0a37ef6b07d606 2007.0/x86_64/php-cli-5.1.6-1.3mdv2007.0.x86_64.rpm
b0bc60669b685186c0495c6211227b5b 2007.0/x86_64/php-devel-5.1.6-1.3mdv2007.0.x86_64.rpm
ecc3d8f51bc4428ce0c4d397383dcec6 2007.0/x86_64/php-fcgi-5.1.6-1.3mdv2007.0.x86_64.rpm
ba7910d7b21effc105bb5f72628145aa 2007.0/SRPMS/php-5.1.6-1.3mdv2007.0.src.rpm

Corporate 3.0:
8d7650ec6b137d4170bbb342ea3844c1 corporate/3.0/i586/libphp_common432-4.3.4-4.22.C30mdk.i586.rpm
e3b750a6a804d6fea6eec412d2c1f310 corporate/3.0/i586/php432-devel-4.3.4-4.22.C30mdk.i586.rpm
8b6c53ed0fb0d46a08e3895921639d6c corporate/3.0/i586/php-cgi-4.3.4-4.22.C30mdk.i586.rpm
f3a09cfde83407281e1b9d6d7a32534f corporate/3.0/i586/php-cli-4.3.4-4.22.C30mdk.i586.rpm
c002aea6333f18e14fa1ac28e898dbad corporate/3.0/SRPMS/php-4.3.4-4.22.C30mdk.src.rpm

Corporate 3.0/X86_64:
97243a9fa985697f0fd52a970a8077cc corporate/3.0/x86_64/lib64php_common432-4.3.4-4.22.C30mdk.x86_64.rpm
0b1607dc61d278c7d04372fa914e4c8d corporate/3.0/x86_64/php432-devel-4.3.4-4.22.C30mdk.x86_64.rpm
c0d7bbe2392dc6ddb4acbeabd887bd29 corporate/3.0/x86_64/php-cgi-4.3.4-4.22.C30mdk.x86_64.rpm
1ea692b1ad5a3d477512e11e86fd713d corporate/3.0/x86_64/php-cli-4.3.4-4.22.C30mdk.x86_64.rpm
c002aea6333f18e14fa1ac28e898dbad corporate/3.0/SRPMS/php-4.3.4-4.22.C30mdk.src.rpm

Corporate 4.0:
8df71b11fed8cc21f445d55e58601aa0 corporate/4.0/i586/libphp4_common4-4.4.4-1.2.20060mlcs4.i586.rpm
5e77c32ad6fb645b896fee3d6f50f11a corporate/4.0/i586/libphp5_common5-5.1.6-1.2.20060mlcs4.i586.rpm
be96a5eb32f41e54881e4466009b37d9 corporate/4.0/i586/php4-cgi-4.4.4-1.2.20060mlcs4.i586.rpm
c1c5252b1684f8d7f0fe58e9e605828a corporate/4.0/i586/php4-cli-4.4.4-1.2.20060mlcs4.i586.rpm
39a2dc3fd1d9adddaed8181c000f5302 corporate/4.0/i586/php4-devel-4.4.4-1.2.20060mlcs4.i586.rpm
6ea5d049c5da06d2931ca3337985304f corporate/4.0/i586/php-cgi-5.1.6-1.2.20060mlcs4.i586.rpm
93941ace693293c77daba334636b7563 corporate/4.0/i586/php-cli-5.1.6-1.2.20060mlcs4.i586.rpm
06ea3e95a9ac1d3fbb507328b646e940 corporate/4.0/i586/php-devel-5.1.6-1.2.20060mlcs4.i586.rpm
58a608f2fd1cf8e565c2ab1f934ab8d2 corporate/4.0/i586/php-fcgi-5.1.6-1.2.20060mlcs4.i586.rpm
9c8997a7a9a9c17b50e18a227f71ee23 corporate/4.0/SRPMS/php4-4.4.4-1.2.20060mlcs4.src.rpm
7cd8221ccc428aab1d38f1a91add22f8 corporate/4.0/SRPMS/php-5.1.6-1.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
adbc99f70811f6c7ed676bef35577e5d corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.2.20060mlcs4.x86_64.rpm
e6b2055e58580db96413f163574b3cdc corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.2.20060mlcs4.x86_64.rpm
50031789901c23ee5fb217e577ee719c corporate/4.0/x86_64/php4-cgi-4.4.4-1.2.20060mlcs4.x86_64.rpm
be2a21195970e9b532ba16fc9b157f40 corporate/4.0/x86_64/php4-cli-4.4.4-1.2.20060mlcs4.x86_64.rpm
fdebf3289f9cc10d0f1484593c313162 corporate/4.0/x86_64/php4-devel-4.4.4-1.2.20060mlcs4.x86_64.rpm
6fac2f67fab3a30431fd132d22b4aa27 corporate/4.0/x86_64/php-cgi-5.1.6-1.2.20060mlcs4.x86_64.rpm
6c5c947a02c4e7bc63ac4a005ffd1040 corporate/4.0/x86_64/php-cli-5.1.6-1.2.20060mlcs4.x86_64.rpm
fe92ab34335e0297dcaa548d26b63556 corporate/4.0/x86_64/php-devel-5.1.6-1.2.20060mlcs4.x86_64.rpm
09d68ae77defbfd1e8b66ff6a213b3f9 corporate/4.0/x86_64/php-fcgi-5.1.6-1.2.20060mlcs4.x86_64.rpm
9c8997a7a9a9c17b50e18a227f71ee23 corporate/4.0/SRPMS/php4-4.4.4-1.2.20060mlcs4.src.rpm
7cd8221ccc428aab1d38f1a91add22f8 corporate/4.0/SRPMS/php-5.1.6-1.2.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
7b2b2b8cd5c75b2313b121754833dcfe mnf/2.0/i586/libphp_common432-4.3.4-4.22.M20mdk.i586.rpm
033d110e3c513bfd3a1faab0e758b49f mnf/2.0/i586/php432-devel-4.3.4-4.22.M20mdk.i586.rpm
d8b87da4f43969db8f3a4e3ec11cd0b9 mnf/2.0/i586/php-cgi-4.3.4-4.22.M20mdk.i586.rpm
1d72f35d59e635335a759a92806b1723 mnf/2.0/i586/php-cli-4.3.4-4.22.M20mdk.i586.rpm
7179f60bc913aca238097d745267e946 mnf/2.0/SRPMS/php-4.3.4-4.22.M20mdk.src.rpm

References

http://www.vupen.com/english/advisories/2006/4324
http://archives.mandrivalinux.com/security-announce/2006-11/msg00000.php

ChangeLog

2006-11-03 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.
 

Vulnerability Alerting

Free 14-Day Trial
 
  Latest News

 

  >> 2009-06-10

     

  VUPEN Security Research
  Discovered Critical Flaws
  in Adobe Acrobat and MS
  Office Word


  >> 2009-06-02

     

  VUPEN Security Research
  Discovered Critical Flaws
  in ACDSee Products


  >> 2009-05-22

     

  VUPEN Discovered Two
  Critical Vulnerabilities in
  Novell GroupWise 8 / 7


  >> 2009-05-12

     

  Microsoft Patched 14
  Office PowerPoint Flaws

 

  >> 2009-04-28

     

  Adobe Reader / Acrobat
  Vulnerabilities Disclosed

 

 

More Informations    
    








Copyright 2003-2009 © VUPEN.COM - Privacy Policy