
CVE-2006-4020
Date: (C)2006-08-08   (M)2024-02-22


scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.6
Exploit Score: 3.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1016984
SREASON-1341
BID-19415
http://www.securityfocus.com/archive/1/442438/30/0/threaded
20061001-01-P
SECUNIA-21403
SECUNIA-21467
SECUNIA-21546
SECUNIA-21608
SECUNIA-21683
SECUNIA-21768
SECUNIA-21847
SECUNIA-22004
SECUNIA-22039
SECUNIA-22069
SECUNIA-22440
SECUNIA-22487
SECUNIA-22538
SECUNIA-23247
ADV-2006-3193
GLSA-200608-28
MDKSA-2006:144
RHSA-2006:0669
RHSA-2006:0682
RHSA-2006:0688
RHSA-2006:0736
SUSE-SA:2006:052
SUSE-SR:2006:019
SUSE-SR:2006:020
SUSE-SR:2006:022
USN-342-1
http://bugs.php.net/bug.php?id=38322
http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm
http://www.php.net/ChangeLog-5.php#5.1.5
http://www.php.net/release_5_1_5.php
http://www.plain-text.info/sscanf_bug.txt
oval:org.mitre.oval:def:11062

© SecPod Technologies