Info

Disclosure

Jun 15, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

PHP contains a flaw related to the zend_hash_del() variable that may allow an attacker to compromise a vulnerable system. No further details have been provided.

Classification

Location: Remote / Network Access, Location Unknown
Attack Type: Input Manipulation, Attack Type Unknown
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, a patch has been released to address this vulnerability.

Products

PHP	PHP	4
		5

References

CVE ID: 2006-2657 (see also: NVD) 2006-3017 (see also: NVD) 2006-4548 (see also: NVD)
Secunia Advisory ID: 20676 21328 22225 22713
SCIP VulDB ID: 2185
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0426.html
http://archives.neohapsis.com/archives/bugtraq/2006-08/0524.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html
Vendor Specific Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Jun/0005.html
Vendor Specific News/Changelog Entry: http://punbb.informer.com/download/hdiff/hdiff-1.2.13_to_1.2.14.html
http://www.php.net/release_4_4_3.php
http://www.php.net/release_5_1_3.php
Other Advisory URL: http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html
http://www.us.debian.org/security/2006/dsa-1206
https://issues.rpath.com/browse/RPL-683
Vendor URL: http://www.php.net/

Credit

Suse Security Announce - Suse

Direct URL: http://osvdb.org/26466