CVE-2006-4020

Severity

46%

Complexity

39%

Confidentiality

106%

A Patch(es) addressing this vulnerability can be found here: http://snaps.php.net/

scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read.

A Patch(es) addressing this vulnerability can be found here: http://snaps.php.net/

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

PHP

First reported 18 years ago

2006-08-08 20:04:00

Last updated 6 years ago

2018-10-30 16:25:00

Affected Software

PHP 4.0.0

4.0

PHP PHP 4.0 Beta 1

4.0

PHP PHP 4.0 Beta 2

4.0

PHP PHP 4.0 Beta 3

4.0

PHP PHP 4.0 Beta 4

4.0

PHP PHP 4.0 Beta 4 Patch Level 1

4.0

PHP 4.0 Release Candidate 1

4.0

PHP 4.0 Release Candidate 2

4.0

PHP PHP 4.0.0

4.0.0

PHP PHP 4.0.1

4.0.1

PHP PHP 4.0.2

4.0.2

PHP PHP 4.0.3

4.0.3

PHP PHP 4.0.4

4.0.4

PHP PHP 4.0.5

4.0.5

PHP PHP 4.0.6

4.0.6

PHP PHP 4.0.7

4.0.7

PHP 4.0.7 Release Candidate 1

4.0.7

PHP 4.0.7 Release Candidate 2

4.0.7

PHP 4.0.7 Release Candidate 3

4.0.7

PHP PHP 4.1.0

4.1.0

PHP PHP 4.1.1

4.1.1

PHP PHP 4.1.2

4.1.2

PHP PHP 4.2.0

4.2.0

PHP PHP 4.2.1

4.2.1

PHP PHP 4.2.2

4.2.2

PHP PHP 4.2.3

4.2.3

PHP PHP 4.3.0

4.3.0

PHP PHP 4.3.1

4.3.1

PHP PHP 4.3.2

4.3.2

PHP PHP 4.3.3

4.3.3

PHP PHP 4.3.4

4.3.4

PHP PHP 4.3.5

4.3.5

PHP PHP 4.3.6

4.3.6

PHP PHP 4.3.7

4.3.7

PHP PHP 4.3.8

4.3.8

PHP PHP 4.3.9

4.3.9

PHP PHP 4.3.10

4.3.10

PHP PHP 4.3.11

4.3.11

PHP PHP 4.4.0

4.4.0

PHP PHP 4.4.1

4.4.1

PHP PHP 4.4.2

4.4.2

PHP PHP 4.4.3

4.4.3

PHP PHP 5.0.0

5.0.0

PHP PHP 5.0.0 Beta1

5.0.0

PHP PHP 5.0.0 Beta2

5.0.0

PHP PHP 5.0.0 Beta3

5.0.0

PHP PHP 5.0.0 Beta4

5.0.0

PHP PHP 5.0.0 RC1

5.0.0

PHP PHP 5.0.0 RC2

5.0.0

PHP PHP 5.0.0 RC3

5.0.0

PHP PHP 5.0.1

5.0.1

PHP PHP 5.0.2

5.0.2

PHP PHP 5.0.3

5.0.3

PHP PHP 5.0.4

5.0.4

PHP PHP 5.0.5

5.0.5

PHP PHP 5.1.0

5.1.0

PHP PHP 5.1.1

5.1.1

PHP PHP 5.1.2

5.1.2

PHP 5.1.4

5.1.4

References

20061001-01-P

http://bugs.php.net/bug.php?id=38322

Exploit, Patch

RHSA-2006:0688

RHSA-2006:0736

21403

21467

21546

21608

21683

21768

21847

22004

22039

22069

22440

22487

22538

23247

GLSA-200608-28

1341

1016984

http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm

http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm

http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm

MDKSA-2006:144

SUSE-SR:2006:019

SUSE-SR:2006:020

SUSE-SR:2006:022

SUSE-SA:2006:052

http://www.php.net/ChangeLog-5.php#5.1.5

http://www.php.net/release_5_1_5.php

http://www.plain-text.info/sscanf_bug.txt

Exploit

RHSA-2006:0669

RHSA-2006:0682

20060804 php local buffer underflow could lead to arbitary code execution

Exploit, Patch, Vendor Advisory

19415

USN-342-1

ADV-2006-3193

oval:org.mitre.oval:def:11062

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.