PT-2006-1178 · Php+1 · Php+1
Published
2006-01-06
·
Updated
2018-10-19
·
CVE-2006-0097
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
PHP versions 4.3.10 through 4.4.2
Description:
A stack-based buffer overflow issue exists in the create named pipe function in libmysql.c, allowing attackers to execute arbitrary code via a long
arg host or arg unix socket argument. This can be demonstrated by a long named pipe variable in the host argument to the mysql connect function.Recommendations:
For PHP versions 4.3.10 through 4.4.2, update to version 4.4.3 or later to resolve the issue.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Php
Libmysql