cvelistv5 - cve-2006-2563

CVE-2006-2563 (GCVE-0-2006-2563)

Vulnerability from cvelistv5

Published

2006-05-29 16:00

Modified

2024-08-07 17:58

Severity ?

CWE

Summary

The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters.

References

URL

Tags

	http://secunia.com/advisories/21847	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/20337	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/18116	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/22039	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/21050	third-party-advisory, x_refsource_SECUNIA
	http://securityreason.com/securityalert/959	third-party-advisory, x_refsource_SREASON
	http://securityreason.com/achievement_securityalert/39	third-party-advisory, x_refsource_SREASONRES
	http://www.mandriva.com/security/advisories?name=MDKSA-2006:122	vendor-advisory, x_refsource_MANDRIVA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/26764	vdb-entry, x_refsource_XF
	http://www.novell.com/linux/security/advisories/2006_22_sr.html	vendor-advisory, x_refsource_SUSE
	http://securitytracker.com/id?1016175	vdb-entry, x_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2006/2055	vdb-entry, x_refsource_VUPEN
	http://www.novell.com/linux/security/advisories/2006_52_php.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:58:50.668Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "21847",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21847"
          },
          {
            "name": "20337",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20337"
          },
          {
            "name": "18116",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18116"
          },
          {
            "name": "22039",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22039"
          },
          {
            "name": "21050",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21050"
          },
          {
            "name": "959",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/959"
          },
          {
            "name": "20060526 cURL Safe Mode Bypass PHP 4.4.2 and 5.1.4",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASONRES",
              "x_transferred"
            ],
            "url": "http://securityreason.com/achievement_securityalert/39"
          },
          {
            "name": "MDKSA-2006:122",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122"
          },
          {
            "name": "php-curl-safemode-bypass(26764)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26764"
          },
          {
            "name": "SUSE-SR:2006:022",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_22_sr.html"
          },
          {
            "name": "1016175",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016175"
          },
          {
            "name": "ADV-2006-2055",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2055"
          },
          {
            "name": "SUSE-SA:2006:052",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_52_php.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "21847",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21847"
        },
        {
          "name": "20337",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20337"
        },
        {
          "name": "18116",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18116"
        },
        {
          "name": "22039",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22039"
        },
        {
          "name": "21050",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21050"
        },
        {
          "name": "959",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/959"
        },
        {
          "name": "20060526 cURL Safe Mode Bypass PHP 4.4.2 and 5.1.4",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASONRES"
          ],
          "url": "http://securityreason.com/achievement_securityalert/39"
        },
        {
          "name": "MDKSA-2006:122",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122"
        },
        {
          "name": "php-curl-safemode-bypass(26764)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26764"
        },
        {
          "name": "SUSE-SR:2006:022",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_22_sr.html"
        },
        {
          "name": "1016175",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016175"
        },
        {
          "name": "ADV-2006-2055",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2055"
        },
        {
          "name": "SUSE-SA:2006:052",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_52_php.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2563",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "21847",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21847"
            },
            {
              "name": "20337",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20337"
            },
            {
              "name": "18116",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18116"
            },
            {
              "name": "22039",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22039"
            },
            {
              "name": "21050",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21050"
            },
            {
              "name": "959",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/959"
            },
            {
              "name": "20060526 cURL Safe Mode Bypass PHP 4.4.2 and 5.1.4",
              "refsource": "SREASONRES",
              "url": "http://securityreason.com/achievement_securityalert/39"
            },
            {
              "name": "MDKSA-2006:122",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122"
            },
            {
              "name": "php-curl-safemode-bypass(26764)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26764"
            },
            {
              "name": "SUSE-SR:2006:022",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_22_sr.html"
            },
            {
              "name": "1016175",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016175"
            },
            {
              "name": "ADV-2006-2055",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2055"
            },
            {
              "name": "SUSE-SA:2006:052",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_52_php.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2563",
    "datePublished": "2006-05-29T16:00:00.000Z",
    "dateReserved": "2006-05-23T00:00:00.000Z",
    "dateUpdated": "2024-08-07T17:58:50.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2006-AVI-222

Vulnerability from certfr_avis

Des vulnérabilités identifiées dans cURL (les fonctions cURL sont dans la bibliothèque libcurl pour PHP) peuvent être exploitées par un utilisateur local malveillant, afin de contourner la politique de sécurité associée à PHP.

Description

PHP est un langage de programmation pour la création de pages Internet. Il peut être configuré en Safe Mode afin de préciser certaines règles de sécurité (vérifier l'identifiant UID du propriétaire, restreindre la modification des variables d'environnement, exécuter des programmes, etc). cURL est un moyen pour se connecter et communiquer avec un ensemble varié de serveurs (FTP, FTPS, HTTP, HTTPS, TELNET, etc). Il se présente sous la forme d'une bibliothèque nommée libcurl pour PHP.

Des vulnérabilités identifiées dans cURL peuvent être exploitées par un utilisateur local malveillant, afin de contourner certaines restrictions définies par Safe Mode.

Solution

Se référer au bulletin de mise à jour de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	PHP	PHP	Les versions PHP 4.4.2 et antérieures ;
	PHP	PHP	les versions PHP 5.1.4 et celles antérieures.

References

Title

Publication Time

Tags

Mise à jour du projet cURL	None	vendor-advisory
Site décrivant Safe Mode pour PHP :	-	other
Mise à jour de la bibliothèque libcurl pour PHP :	-	other
Site du projet cURL :	-	other
Bulletin de sécurité Ubuntu USN-320-2 du 26 juillet 2006 :	-	other
Bulletin de sécurité SuSE SUSE-SA:2006:052 du 21 septembre 2006 :	-	other
Bulletin de sécurité Ubuntu USN-320-1 du 19 juillet 2006 :	-	other
Bulletin de sécurité Mandriva MDKSA-2006:122 du 13 juillet 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Les versions PHP 4.4.2 et ant\u00e9rieures ;",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    },
    {
      "description": "les versions PHP 5.1.4 et celles ant\u00e9rieures.",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPHP est un langage de programmation pour la cr\u00e9ation de pages Internet.\nIl peut \u00eatre configur\u00e9 en Safe Mode afin de pr\u00e9ciser certaines r\u00e8gles de\ns\u00e9curit\u00e9 (v\u00e9rifier l\u0027identifiant UID du propri\u00e9taire, restreindre la\nmodification des variables d\u0027environnement, ex\u00e9cuter des programmes,\netc). cURL est un moyen pour se connecter et communiquer avec un\nensemble vari\u00e9 de serveurs (FTP, FTPS, HTTP, HTTPS, TELNET, etc). Il se\npr\u00e9sente sous la forme d\u0027une biblioth\u00e8que nomm\u00e9e libcurl pour PHP.\n\nDes vuln\u00e9rabilit\u00e9s identifi\u00e9es dans cURL peuvent \u00eatre exploit\u00e9es par un\nutilisateur local malveillant, afin de contourner certaines restrictions\nd\u00e9finies par Safe Mode.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de mise \u00e0 jour de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-2563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2563"
    }
  ],
  "initial_release_date": "2006-05-29T00:00:00",
  "last_revision_date": "2006-09-28T00:00:00",
  "links": [
    {
      "title": "Site d\u00e9crivant Safe Mode pour PHP :",
      "url": "http://fr2.php.net/features.safe-mode"
    },
    {
      "title": "Mise \u00e0 jour de la biblioth\u00e8que libcurl pour PHP :",
      "url": "http://cvs.php.net/viewcvs.cgi/php-src/ext/curl/"
    },
    {
      "title": "Site du projet cURL :",
      "url": "http://curl.haxx.se/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-320-2 du 26 juillet 2006 :",
      "url": "http://www.ubuntu.com/usn/usn-320-2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SA:2006:052 du 21 septembre    2006 :",
      "url": "http://lists.suse.com/archive/suse-security-announce/2006-Sep/0006.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-320-1 du 19 juillet 2006 :",
      "url": "http://www.ubuntu.com/usn/usn-320-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2006:122 du 13 juillet    2006 :",
      "url": "http://wwW.mandriva.com/security/advisories?name=MDKSA-2006:122"
    }
  ],
  "reference": "CERTA-2006-AVI-222",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-05-29T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 SuSE, Ubuntu et Mandriva.",
      "revision_date": "2006-09-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Des vuln\u00e9rabilit\u00e9s identifi\u00e9es dans cURL (les fonctions cURL sont dans\nla biblioth\u00e8que libcurl pour PHP) peuvent \u00eatre exploit\u00e9es par un\nutilisateur local malveillant, afin de contourner la politique de\ns\u00e9curit\u00e9 associ\u00e9e \u00e0 PHP.\n",
  "title": "Vuln\u00e9rabilit\u00e9s de cURL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mise \u00e0 jour du projet cURL",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2006-2563 (GCVE-0-2006-2563)

Vulnerability from cvelistv5

CERTA-2006-AVI-222

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature