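CNNVD ID | CNNVD-200604-121 | CVE ID | CVE-2006-1608 |
Published | 2006-04-10 | Updated | 2006-04-10 |
Vulnerability type | Input validation | Vulnerability source | Maksymilian Arciemowicz discovered these issues. |
Severity | Low | Threat type | Local |
Vendor | php |
The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI.
The vendor has released an upgrade patch to fix this security issue. Patch download links: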
S.u.S.E. Linux Professional 10.0
SuSE apache2-mod_php4-4.4.0-6.10.i586.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/apache2-mod_php4-4.4.0-6.10.i586.rpm
SuSE apache2-mod_php4-4.4.0-6.10.ppc.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-mod_php4-4.4.0-6.10.ppc.rpm
SuSE apache2-mod_php4-4.4.0-6.10.x86_64.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-mod_php4-4.4.0-6.10.x86_64.rpm
SuSE apache2-mod_php5-5.0.4-9.10.ppc.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-mod_php5-5.0.4-9.10.ppc.rpm
SuSE apache2-mod_php5-5.0.4-9.10.x86_64.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-mod_php5-5.0.4-9.10.x86_64.rpm
SuSE php4-32bit-4.4.0-6.10.x86_64.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-32bit-4.4.0-6.10.x86_64.rpm
SuSE php4-4.4.0-6.10.i586.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-4.4.0-6.10.i586.rpm
SuSE php4-4.4.0-6.10.ppc.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-4.4.0-6.10.ppc.rpm
SuSE php4-4.4.0-6.10.x86_64.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-4.4.0-6.10.x86_64.rpm
SuSE php4-exif-4.4.0-6.10.i586.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-exif-4.4.0-6.10.i586.rpm
SuSE php4-exif-4.4.0-6.10.ppc.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-exif-4.4.0-6.10.ppc.rpm
SuSE php4-exif-4.4.0-6.10.x86_64.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-exif-4.4.0-6.10.x86_64.rpm
SuSE php4-fastcgi-4.4.0-6.10.i586.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-fastcgi-4.4.0-6.10.i586.rpm
SuSE php4-fastcgi-4.4.0-6.10.ppc.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-fastcgi-4.4.0-6.10.ppc.rpm
SuSE php4-fastcgi-4.4.0-6.10.x86_64.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-fastcgi-4.4.0-6.10.x86_64.rpm
SuSE php4-mbstring-4.4.0-6.10.i586.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-mbstring-4.4.0-6.10.i586.rpm
SuSE php4-mbstring-4.4.0-6.10.ppc.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-mbstring-4.4.0-6.10.ppc.rpm
SuSE php4-mbstring-4.4.0-6.10.x86_64.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-mbstring-4.4.0-6.10.x86_64.rpm
SuSE php4-servlet-4.4.0-6.10.i586.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-servlet-4.4.0-6.10.i586.rpm
SuSE php4-servlet-4.4.0-6.10.x86_64.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-servlet-4.4.0-6.10.x86_64.rpm
SuSE php4-unixODBC-4.4.0-6.10.i586.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-unixODBC-4.4.0-6.10.i586.rpm
SuSE php4-unixODBC-4.4.0-6.10.ppc.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-unixODBC-4.4.0-6.10.ppc.rpm
SuSE php4-unixODBC-4.4.0-6.10.x86_64.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-unixODBC-4.4.0-6.10.x86_64.rpm
SuSE php5-5.0.4-9.10.i586.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-5.0.4-9.10.i586.rpm
SuSE php5-5.0.4-9.10.ppc.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-5.0.4-9.10.ppc.rpm
SuSE php5-5.0.4-9.10.x86_64.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-5.0.4-9.10.x86_64.rpm
SuSE php5-exif-5.0.4-9.10.i586.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-exif-5.0.4-9.10.i586.rpm
SuSE php5-exif-5.0.4-9.10.ppc.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-exif-5.0.4-9
Source: SREASONRES
Name: 20060408 copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2
Source: SECUNIA
Name: 19599
Source: XF
Name: php-copy-safemode-bypass(25706)
Source: UBUNTU
Name: USN-320-1
Source: BID
Name: 17439
Source: BUGTRAQ
Name: 20060723 Re: new shell bypass safe mode
Link: http://www.securityfocus.com/archive/1/archive/1/441210/100/0/threaded
Source: BUGTRAQ
Name: 20060718 new shell bypass safe mode
Link: http://www.securityfocus.com/archive/1/archive/1/440869/100/0/threaded
Source: BUGTRAQ
Name: 20060409 copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2
Link: http://www.securityfocus.com/archive/1/archive/1/430461/100/0/threaded
Source: OSVDB
Name: 24487
Source: MANDRIVA
Name: MDKSA-2006:074
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2006:074
Source: VUPEN
Name: ADV-2006-1290
Source: us.php.net
Source: SECTRACK
Name: 1015882
Source: SREASON
Name: 678
Source: SECUNIA
Name: 21125
Source: SECUNIA
Name: 19775