Vulnerability Name:

CVE-2006-1608 (CCN-25706)

Assigned:2006-04-08
Published:2006-04-08
Updated:2018-10-30
Summary:The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Bypass Security
References:Source: CCN
Type: Full-Disclosure Mailing List, Sat Apr 08 2006 - 14:43:07 CDT
copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2

Source: MITRE
Type: CNA
CVE-2006-1608

Source: CCN
Type: PHP CVS Repository
[cvs] Index of /php-src

Source: CCN
Type: SA19599
PHP "phpinfo()" Cross-Site Scripting and Security Bypass

Source: SECUNIA
Type: Exploit, Patch, Vendor Advisory
19599

Source: SECUNIA
Type: UNKNOWN
19775

Source: SECUNIA
Type: UNKNOWN
21125

Source: SREASONRES
Type: Exploit, Patch
20060408 copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2

Source: SREASON
Type: UNKNOWN
678

Source: CCN
Type: SECTRACK ID: 1015882
PHP copy() Function Safe Mode Checking Error Lets Users Bypass Safe Mode File Access Restrictions

Source: SECTRACK
Type: UNKNOWN
1015882

Source: CONFIRM
Type: UNKNOWN
http://us.php.net/releases/5_1_3.php

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:074

Source: OSVDB
Type: UNKNOWN
24487

Source: CCN
Type: OSVDB ID: 24487
PHP copy() Function Safe Mode Bypass

Source: CCN
Type: The PHP Group Web site
PHP: Hypertext Preprocessor

Source: BUGTRAQ
Type: UNKNOWN
20060409 copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2

Source: BUGTRAQ
Type: UNKNOWN
20060718 new shell bypass safe mode

Source: BUGTRAQ
Type: UNKNOWN
20060723 Re: new shell bypass safe mode

Source: BID
Type: UNKNOWN
17439

Source: CCN
Type: BID-17439
PHP Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities

Source: CCN
Type: TLSA-2006-17
Multiple vulnerabilities in php

Source: CCN
Type: USN-320-1
PHP vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-320-1

Source: CCN
Type: USN-320-2
PHP regression

Source: VUPEN
Type: UNKNOWN
ADV-2006-1290

Source: XF
Type: UNKNOWN
php-copy-safemode-bypass(25706)

Source: XF
Type: UNKNOWN
php-copy-safemode-bypass(25706)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:php:php:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.1:patch1:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.1:patch2:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.3:patch1:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.4:patch1:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.6:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.7:rc1:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.7:rc2:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.7:rc3:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.2:*:dev:*:*:*:*:*
  • OR cpe:/a:php:php:4.2.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.2.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.2.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.6:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.9:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.10:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.11:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.2:-:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:php:php:4.0.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.2.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.2.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.2.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.9:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.10:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.11:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.6:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.6:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:rc2:*:*:*:*:*:*
  • AND
  • cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:multimedia:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    php php 4.0
    php php 4.0 beta1
    php php 4.0 beta2
    php php 4.0 beta3
    php php 4.0 beta4
    php php 4.0 beta_4_patch1
    php php 4.0 rc1
    php php 4.0 rc2
    php php 4.0.0
    php php 4.0.1
    php php 4.0.1 patch1
    php php 4.0.1 patch2
    php php 4.0.2
    php php 4.0.3
    php php 4.0.3 patch1
    php php 4.0.4
    php php 4.0.4 patch1
    php php 4.0.5
    php php 4.0.6
    php php 4.0.7
    php php 4.0.7 rc1
    php php 4.0.7 rc2
    php php 4.0.7 rc3
    php php 4.1.0
    php php 4.1.1
    php php 4.1.2
    php php 4.2
    php php 4.2.0
    php php 4.2.1
    php php 4.2.2
    php php 4.2.3
    php php 4.3.0
    php php 4.3.1
    php php 4.3.2
    php php 4.3.3
    php php 4.3.4
    php php 4.3.5
    php php 4.3.6
    php php 4.3.7
    php php 4.3.8
    php php 4.3.9
    php php 4.3.10
    php php 4.3.11
    php php 4.4.0
    php php 4.4.1
    php php 4.4.2
    php php 5.0 rc1
    php php 5.0 rc2
    php php 5.0 rc3
    php php 5.0.0
    php php 5.0.0 beta1
    php php 5.0.0 beta2
    php php 5.0.0 beta3
    php php 5.0.0 beta4
    php php 5.0.0 rc1
    php php 5.0.0 rc2
    php php 5.0.0 rc3
    php php 5.0.1
    php php 5.0.2
    php php 5.0.3
    php php 5.0.4
    php php 5.0.5
    php php 5.1.0
    php php 5.1.1
    php php 5.1.2
    php php 4.0.5 -
    php php 4.1.1
    php php 4.2.0 -
    php php 4.2.1 -
    php php 4.2.3 -
    php php 4.2.2
    php php 4.3.0 -
    php php 4.3.4 -
    php php 4.3.9
    php php 4.3.10 -
    php php 5.0.3 -
    php php 4.3.11 -
    php php 5.0.4 -
    php php 5.0.0 -
    php php 4.4.0 -
    php php 5.0.5 -
    php php 5.1.1
    php php 5.1.2 -
    php php 4.4.2 -
    php php 4.3.3 -
    php php 5.0.2 -
    php php 4.0.0
    php php 4.0.1 -
    php php 4.0.2
    php php 4.0.3
    php php 4.0.4 -
    php php 4.0.6 -
    php php 4.0.7 -
    php php 4.0 beta_4_patch1
    php php 4.0 beta1
    php php 4.0 beta2
    php php 4.0 beta3
    php php 4.0 beta4
    php php 4.1.0 -
    php php 4.1.2
    php php 4.3.1
    php php 4.3.2 -
    php php 4.3.5 -
    php php 4.3.6 -
    php php 4.3.7 -
    php php 4.3.8
    php php 4.4.1 -
    php php 5.0.0 beta1
    php php 5.0.0 beta2
    php php 5.0.0 beta3
    php php 5.0.0 beta4
    php php 5.0.0 rc1
    php php 5.0.0 rc2
    php php 5.0.0 rc3
    php php 5.0.1 -
    php php 5.1.0 -
    php php 4.0 rc1
    php php 4.0 rc2
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake multi network firewall 2.0
    mandrakesoft mandrake linux 2006
    canonical ubuntu 6.06
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux corporate server 3.0
    turbolinux turbolinux personal *
    turbolinux turbolinux home *
    turbolinux turbolinux multimedia *