National Cyber-Alert System

Vulnerability Summary for CVE-2005-3391

Overview

Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

Vendor Statments (disclaimer)

Official Statement from Red Hat (08/30/2006)

We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA06-062A

Name: TA06-062A

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA06-062A.html

External Source: CONFIRM

Name: http://www.php.net/release_4_4_1.php

Type: Patch Information

Hyperlink:http://www.php.net/release_4_4_1.php

External Source: VUPEN

Name: ADV-2005-2254

Type: Advisory; Patch Information

Hyperlink:http://www.frsirt.com/english/advisories/2005/2254

External Source: SECUNIA

Name: 17371

Type: Advisory; Patch Information

Hyperlink:http://secunia.com/advisories/17371

External Source: MANDRIVA

Name: MDKSA-2006:035

Hyperlink:http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:035

External Source: UBUNTU

Name: USN-232-1

Hyperlink:http://www.ubuntulinux.org/usn/usn-232-1/document_view

External Source: BID

Name: 16907

Hyperlink:http://www.securityfocus.com/bid/16907

External Source: BID

Name: 15411

Hyperlink:http://www.securityfocus.com/bid/15411

External Source: SUSE

Name: SUSE-SA:2005:069

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/419504/100/0/threaded

External Source: OSVDB

Name: 20898

Hyperlink:http://www.osvdb.org/20898

External Source: OPENPKG

Name: OpenPKG-SA-2005.027

Hyperlink:http://www.openpkg.org/security/OpenPKG-SA-2005.027-php.html

External Source: GENTOO

Name: GLSA-200511-08

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml

External Source: VUPEN

Name: ADV-2006-4320

Hyperlink:http://www.frsirt.com/english/advisories/2006/4320

External Source: VUPEN

Name: ADV-2006-0791

Hyperlink:http://www.frsirt.com/english/advisories/2006/0791

External Source: SREASON

Name: 525

Hyperlink:http://securityreason.com/securityalert/525

External Source: SECUNIA

Name: 22691

Hyperlink:http://secunia.com/advisories/22691

External Source: SECUNIA

Name: 19064

Hyperlink:http://secunia.com/advisories/19064

External Source: SECUNIA

Name: 18763

Hyperlink:http://secunia.com/advisories/18763

External Source: SECUNIA

Name: 18198

Hyperlink:http://secunia.com/advisories/18198

External Source: SECUNIA

Name: 18054

Hyperlink:http://secunia.com/advisories/18054

External Source: SECUNIA

Name: 17510

Hyperlink:http://secunia.com/advisories/17510

External Source: APPLE

Name: APPLE-SA-2006-03-01

Hyperlink:http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html

External Source: HP

Name: HPSBMA02159

Hyperlink:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522

External Source: CONFIRM

Name: http://docs.info.apple.com/article.html?artnum=303382

Hyperlink:http://docs.info.apple.com/article.html?artnum=303382