VUPEN Security - Fedora Security Update Fixes PHP Remote Command Execution Vulnerabilities / Exploit (Security Advisories)

	Contact \| Site en Français

Vulnerabilities & Threats

VUPEN Security Advisories

Linux Security Advisories

Malware Advisories

Security Research

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> Fedora Security Update Fixes PHP Remote Command Execution Vulnerabilities

Title : Fedora Security Update Fixes PHP Remote Command Execution Vulnerabilities
VUPEN ID : VUPEN/ADV-2006-4374
CVE ID : CVE-2006-5465
Rated as : Critical

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-11-07

Technical Description

Receive VUPEN Security alerts in a Text format

Receive VUPEN Security alerts in a PDF format

Receive VUPEN Security alerts in an XML format

Fedora has released security updates to address multiple vulnerabilities identified in PHP. These issues could be exploited by attackers to execute arbitrary commands. For additional information, see : VUPEN/ADV-2006-4317

Affected Products

Fedora Core 6
Fedora Core 5

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

fdaff1860db25949ce5c289d1d1c64fad2bb95f0 SRPMS/php-5.1.6-3.1.fc6.src.rpm
fdaff1860db25949ce5c289d1d1c64fad2bb95f0 noarch/php-5.1.6-3.1.fc6.src.rpm
f606cb4d7dc9a313189047b7162d4cec95d4c0f3 ppc/php-xml-5.1.6-3.1.fc6.ppc.rpm
5c4e53cebeef3cc03001aa212f243ea0473a7504 ppc/php-odbc-5.1.6-3.1.fc6.ppc.rpm
322e2b104d0eb2bacf51d6e13470dd510a11d9f0 ppc/php-snmp-5.1.6-3.1.fc6.ppc.rpm
640917687bf700149d2d9968a7ce73a9ebbf4669 ppc/php-mysql-5.1.6-3.1.fc6.ppc.rpm
2294e459a7c37e53a6631f9b223cc020338de9ff ppc/php-imap-5.1.6-3.1.fc6.ppc.rpm
3fd1030e4fe9e38bcec4f066732dae90c181b99f ppc/php-pgsql-5.1.6-3.1.fc6.ppc.rpm
c28587f5fc3f3f09cd76f48f4ec75dd706ab53b4 ppc/php-cli-5.1.6-3.1.fc6.ppc.rpm
3c0bc4e812d8062cf59f2c51ce9368052ccc5ee5 ppc/php-pdo-5.1.6-3.1.fc6.ppc.rpm
a383648ac8f39805ac3c7d0555f01caf6a699aa6 ppc/php-xmlrpc-5.1.6-3.1.fc6.ppc.rpm
883d3f6891895ed45e7dac79ee7cf460ae1337ba ppc/php-devel-5.1.6-3.1.fc6.ppc.rpm
e9d05311c3612a84b89e30828d5370dbc422d496 ppc/php-mbstring-5.1.6-3.1.fc6.ppc.rpm
1861ff9af766769de15e913dd50f29fc56126471 ppc/php-soap-5.1.6-3.1.fc6.ppc.rpm
37af369e8f3a99dd979a4157b6e90aa61df715e9 ppc/php-gd-5.1.6-3.1.fc6.ppc.rpm
d65e1659c9caba95da3627e5734cafac793d91c0 ppc/php-bcmath-5.1.6-3.1.fc6.ppc.rpm
95843f3aa7a61627661f336c1ce535d1dca28116 ppc/php-ncurses-5.1.6-3.1.fc6.ppc.rpm
7f83246a9a6fce943adcb9abdfdba689cea653e1 ppc/php-ldap-5.1.6-3.1.fc6.ppc.rpm
b4bbd8542a7fce2559385bc24d841e03babed98e ppc/debug/php-debuginfo-5.1.6-3.1.fc6.ppc.rpm
8841fab4c4fae0b3163ea9001e2206c34c2d7eda ppc/php-5.1.6-3.1.fc6.ppc.rpm
7f235d7f7e6a5192ca8320d6eab84a9c9f1f1d27 ppc/php-common-5.1.6-3.1.fc6.ppc.rpm
acbb7917dae1959b5976738b151b423cfec3198e ppc/php-dba-5.1.6-3.1.fc6.ppc.rpm
325204f3c3e072cfae02ed8891509612d36e861a x86_64/php-dba-5.1.6-3.1.fc6.x86_64.rpm
b0a692d3e0b8afcfd55d6661cf21eb2e60dcb2db x86_64/php-bcmath-5.1.6-3.1.fc6.x86_64.rpm
83549e6f94c6484d9e06b8da55f07c5fb2c0e11f x86_64/php-imap-5.1.6-3.1.fc6.x86_64.rpm
71c58bb546aef8b8ec12d9efa344ae33c1077dd2 x86_64/php-ldap-5.1.6-3.1.fc6.x86_64.rpm
ba5aebb1e50ee45d9cd6dfbcef8796a960c3ba3c x86_64/php-xml-5.1.6-3.1.fc6.x86_64.rpm
4b4d04fac1e922806534ab5dc9acc338c70f3872 x86_64/php-pgsql-5.1.6-3.1.fc6.x86_64.rpm
098dbd900524e2fcc36e0b2c0acb781c6576264b x86_64/php-cli-5.1.6-3.1.fc6.x86_64.rpm
d9c7adde036fa648167a67a88cfe7d4190c44100 x86_64/php-ncurses-5.1.6-3.1.fc6.x86_64.rpm
ee1a53fb47dda2a4a534ff594352c38c4b0986e1 x86_64/php-soap-5.1.6-3.1.fc6.x86_64.rpm
0c9a538f449d6c2eef6d2b38b7a8f069844e9155 x86_64/php-5.1.6-3.1.fc6.x86_64.rpm
3f331f812d8de9cb0259bd09180697d8ae41c285 x86_64/php-gd-5.1.6-3.1.fc6.x86_64.rpm
cb0fa51c574d980d945caa97bf5d7b221782c144 x86_64/php-odbc-5.1.6-3.1.fc6.x86_64.rpm
9e6963e032336c52eb7880372efb4c26582d6edf x86_64/php-common-5.1.6-3.1.fc6.x86_64.rpm
7193738b671c9c0dfd0a1bd211f1fbc85b9318ce x86_64/php-mysql-5.1.6-3.1.fc6.x86_64.rpm
3e12ea8e7f3813182d83bfadfde562485d9edb7b x86_64/debug/php-debuginfo-5.1.6-3.1.fc6.x86_64.rpm
5b62141f9203a14104cd20ce14e0c6272f67c746 x86_64/php-devel-5.1.6-3.1.fc6.x86_64.rpm
00efc92987ef52d18bffb6cf72756b13c6078dd8 x86_64/php-xmlrpc-5.1.6-3.1.fc6.x86_64.rpm
8821f60379ee3caae18f26a8332c705651041b04 x86_64/php-pdo-5.1.6-3.1.fc6.x86_64.rpm
e78f305eae9178af91f2310f7cf2950492741240 x86_64/php-mbstring-5.1.6-3.1.fc6.x86_64.rpm
631eb407541c543cd5c6f9abc1686ef5754ec5d5 x86_64/php-snmp-5.1.6-3.1.fc6.x86_64.rpm
716c15740753902ace42973a39b76b9f6cf5e850 i386/php-devel-5.1.6-3.1.fc6.i386.rpm
5e69f43718f6af5a61bc7dab54056aec01e9ca4b i386/php-cli-5.1.6-3.1.fc6.i386.rpm
f4f6c8c950955c9157305ce8110896b527305681 i386/php-imap-5.1.6-3.1.fc6.i386.rpm
e4dbd86f39f4c37beba4ac24edd7363b3d43a98c i386/php-odbc-5.1.6-3.1.fc6.i386.rpm
e60b4f1cec604301e676c859e2f4cd2cff3c8eaf i386/php-pdo-5.1.6-3.1.fc6.i386.rpm
7b92baae7ca7b9d7c21d3dfe1da3ff55f0b07015 i386/php-bcmath-5.1.6-3.1.fc6.i386.rpm
2bd97ad6f43105421f58cf40e9b9c8638e8e4c73 i386/php-soap-5.1.6-3.1.fc6.i386.rpm
f42098e8f767d4488db481a34edf63cd99a829d6 i386/php-xml-5.1.6-3.1.fc6.i386.rpm
1f0ed1fb1eb65d48c410f99fd57d020e9e6fb937 i386/php-xmlrpc-5.1.6-3.1.fc6.i386.rpm
8804092be468e7271f3d42021a1af3995bfaf258 i386/php-pgsql-5.1.6-3.1.fc6.i386.rpm
da7cbce0523617cf7edf0b86eb08649e6455024d i386/php-ldap-5.1.6-3.1.fc6.i386.rpm
e52d04c8c86fc6e6fe6dd22b04d9646610afa0c2 i386/debug/php-debuginfo-5.1.6-3.1.fc6.i386.rpm
32dcb8135fd4c5d2817d5168fe1430de274c8876 i386/php-gd-5.1.6-3.1.fc6.i386.rpm
8c5b8a69beb3ff000218d169c153bac456b9e1ed i386/php-dba-5.1.6-3.1.fc6.i386.rpm
d037cc204da402d8b29035ae7d24720fbbf34cd1 i386/php-common-5.1.6-3.1.fc6.i386.rpm
8291f972801bf15d19cd335209734af6bfec9a09 i386/php-mysql-5.1.6-3.1.fc6.i386.rpm
8e397f2e8e826f5044b1805698feaafe222f30d1 i386/php-5.1.6-3.1.fc6.i386.rpm
5ef5e46eb26e3c651979c4b50b1e6de18db2a980 i386/php-ncurses-5.1.6-3.1.fc6.i386.rpm
1dbaa2f97869402950bf9e335c0245845fb452ef i386/php-mbstring-5.1.6-3.1.fc6.i386.rpm
176c633f4e9a197e437461b69a914e5e1762f933 i386/php-snmp-5.1.6-3.1.fc6.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

bff633c8ad940ae896bb046b113ef0c8f12de51c SRPMS/php-5.1.6-1.2.src.rpm
bff633c8ad940ae896bb046b113ef0c8f12de51c noarch/php-5.1.6-1.2.src.rpm
bd6fc1dda014a5bb23fa4b2fc956cc24abd43649 ppc/php-odbc-5.1.6-1.2.ppc.rpm
31f96bcdfb50dc8b0bb81c7cdd7f85927bcf2001 ppc/php-xmlrpc-5.1.6-1.2.ppc.rpm
8035ffd5d7c3f6e7c646a68e04815f966270f7f2 ppc/php-ldap-5.1.6-1.2.ppc.rpm
cde3923768d8c18d930d12b5a16c7a0032d49a65 ppc/php-imap-5.1.6-1.2.ppc.rpm
cc7a7084c2007080948a919c21402d93fc777782 ppc/php-dba-5.1.6-1.2.ppc.rpm
66ed82fb62b3602f33bd61a99c0c752e9cb69f44 ppc/php-xml-5.1.6-1.2.ppc.rpm
c9b92115646fa3e42cb5a78be841d6434d1c30d2 ppc/php-pdo-5.1.6-1.2.ppc.rpm
2c6db23904015ff7c98e1fa0a23d24935379fc6c ppc/php-soap-5.1.6-1.2.ppc.rpm
a2fc85fb72399e8fd0d05f80c662fa7a1f1c3933 ppc/php-mbstring-5.1.6-1.2.ppc.rpm
3541b950ead159bf79e58569ba510456f74e3a2f ppc/php-bcmath-5.1.6-1.2.ppc.rpm
2e34c835a687369699f4ed27e43bbe4977b35832 ppc/php-pgsql-5.1.6-1.2.ppc.rpm
1b204e9e6f20ef334c334074853b219042aaf3c9 ppc/php-gd-5.1.6-1.2.ppc.rpm
9ee03eeac15c80ebeb11b8ba5072c5a4ec8394ab ppc/php-mysql-5.1.6-1.2.ppc.rpm
d147d49d2d332a57f2658253f7abcf815a133714 ppc/php-snmp-5.1.6-1.2.ppc.rpm
e2a16e70682963b9c1ba4e6638523b0688ef24b2 ppc/debug/php-debuginfo-5.1.6-1.2.ppc.rpm
69edd9e0dc0d0dbfc38b753503d1d5c5fd9a579c ppc/php-5.1.6-1.2.ppc.rpm
15927b504069c14b5e161bc2c098e9090bb002c8 ppc/php-devel-5.1.6-1.2.ppc.rpm
601bce2f6a7b855b0f670801f0d7337eb83d8602 ppc/php-ncurses-5.1.6-1.2.ppc.rpm
5b3c980aad87a3f14a7833b7cb3b29d7111117ce x86_64/php-ncurses-5.1.6-1.2.x86_64.rpm
70587623f754af6c6294f84079cf7db6dbe555d8 x86_64/php-5.1.6-1.2.x86_64.rpm
87d2927aacf253fc0fba49ed6a64eda5abf2d7f6 x86_64/php-devel-5.1.6-1.2.x86_64.rpm
9e52b6b55a2a195a348b46dcac3e7e12f05dd6ec x86_64/php-ldap-5.1.6-1.2.x86_64.rpm
e5aaa950afb119b0e905db2b0bd1769413f6bf93 x86_64/php-mbstring-5.1.6-1.2.x86_64.rpm
29d3d207ae70ee622bc54958e8b916915f2a62c3 x86_64/php-mysql-5.1.6-1.2.x86_64.rpm
e5238f8d9f56d117edaf52b436fa0220fb411ba8 x86_64/debug/php-debuginfo-5.1.6-1.2.x86_64.rpm
14bad3ab96cc594869808b7a305ce1896c7e4c4b x86_64/php-bcmath-5.1.6-1.2.x86_64.rpm
546c5c204ad6c62c17f50153360396716e33a940 x86_64/php-imap-5.1.6-1.2.x86_64.rpm
79adc80660d5e03566e3dcc3d96ea05e8c7a4c51 x86_64/php-pdo-5.1.6-1.2.x86_64.rpm
6a984f1d689e9d306a37b6109dedc600dece9bf6 x86_64/php-pgsql-5.1.6-1.2.x86_64.rpm
d89c566e9bc51bbb10f6541999901d43f1ff2eda x86_64/php-snmp-5.1.6-1.2.x86_64.rpm
57b7cd706c71075eebd148e537b8fc5d113fef07 x86_64/php-xml-5.1.6-1.2.x86_64.rpm
2fa64f2b3e4777b621d74b5f419cc1947b131e4b x86_64/php-xmlrpc-5.1.6-1.2.x86_64.rpm
c9ff5fe6e1406d13353656ed5046a53ea2bb6ac6 x86_64/php-soap-5.1.6-1.2.x86_64.rpm
066e53533aa8b1b6168169ffe390a17da794be17 x86_64/php-odbc-5.1.6-1.2.x86_64.rpm
d9b709bf34c32d378b47a43bc32ed4cde8e796fc x86_64/php-dba-5.1.6-1.2.x86_64.rpm
a59826b1761b3495cf20dc551fd329c4fdae02f5 x86_64/php-gd-5.1.6-1.2.x86_64.rpm
d436718a76620b04418fec7e9a599f74cf2d6ad9 i386/php-devel-5.1.6-1.2.i386.rpm
7d86cf903fcaa4d256d462bdddd2b18ac1ab6ae1 i386/php-xmlrpc-5.1.6-1.2.i386.rpm
60504ead834b0444e13c7c3bff7ce8b469ee0e6f i386/php-imap-5.1.6-1.2.i386.rpm
5aefb6a649088cac4d91d1bc2eb3eef428834d58 i386/php-gd-5.1.6-1.2.i386.rpm
49f17ac6fad2844972564861e60dd72c8ae44f37 i386/php-odbc-5.1.6-1.2.i386.rpm
1a3f6ea3df2685ff5a225e33224ce9d798f379f6 i386/php-5.1.6-1.2.i386.rpm
be83b78dc93c864e92a95ce5cbf77a6104a825d6 i386/php-xml-5.1.6-1.2.i386.rpm
21e00eea3527594d4ee66061c8c4bbd181d3ba05 i386/php-pgsql-5.1.6-1.2.i386.rpm
89fb1a2d1c26a630d411d715a6a8859ab908be00 i386/php-snmp-5.1.6-1.2.i386.rpm
2766e06ba5349391f8d2e2d3b10cf75505518b03 i386/php-pdo-5.1.6-1.2.i386.rpm
7b85fec406ee33e508aae272ff6118cc819064fd i386/php-soap-5.1.6-1.2.i386.rpm
73c94b32b5b1baddabd6f73d6f4d2e8eabada028 i386/debug/php-debuginfo-5.1.6-1.2.i386.rpm
423b0e83484c42f1d3de7aa43cb7e962bd827104 i386/php-mysql-5.1.6-1.2.i386.rpm
2348043db923043687f01d21b21c71c54d062a83 i386/php-bcmath-5.1.6-1.2.i386.rpm
6d3a9cbc9d618000badefac8d4f6ffb65760c809 i386/php-ldap-5.1.6-1.2.i386.rpm
4bded5f1a74af7a46d229ffb3869d29d1e11425a i386/php-mbstring-5.1.6-1.2.i386.rpm
a60baa3b27ebee463399225c41fcefbc2eaf55df i386/php-ncurses-5.1.6-1.2.i386.rpm
8e994c3d06fd5c00d950692ca0eaddf015f8f805 i386/php-dba-5.1.6-1.2.i386.rpm

References

http://www.vupen.com/english/advisories/2006/4374
https://www.redhat.com/archives/fedora-package-announce/2006-November/msg00027.html
https://www.redhat.com/archives/fedora-package-announce/2006-November/msg00026.html

ChangeLog

2006-11-07 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

Vulnerability Alerting

Free 14-Day Trial

Latest News

>> 2009-07-06

Microsoft Windows 0-Day
Flaw Exploited in the Wild

>> 2009-06-10

VUPEN Security Research
Discovered Critical Flaws
in Adobe Acrobat and MS
Office Word

>> 2009-06-02

VUPEN Security Research
Discovered Critical Flaws
in ACDSee Products

>> 2009-05-22

VUPEN Discovered Two
Critical Vulnerabilities in
Novell GroupWise 8 / 7

More Informations