CVE-2006-4023
Vulnerability from cvelistv5
Published
2006-08-09 00:00
Modified
2024-08-07 18:57
Severity ?
EPSS score ?
Summary
The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:57:43.861Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060729 Re: PHP ip2long() function circumvention", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/441708/100/100/threaded" }, { "name": "20060729 PHP ip2long() function circumvention", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/441529/100/100/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://retrogod.altervista.org/php_ip2long.htm" }, { "name": "1016609", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016609" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-07-29T00:00:00", "descriptions": [ { "lang": "en", "value": "The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy\u0027s role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060729 Re: PHP ip2long() function circumvention", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/441708/100/100/threaded" }, { "name": "20060729 PHP ip2long() function circumvention", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/441529/100/100/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://retrogod.altervista.org/php_ip2long.htm" }, { "name": "1016609", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016609" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4023", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy\u0027s role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060729 Re: PHP ip2long() function circumvention", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/441708/100/100/threaded" }, { "name": "20060729 PHP ip2long() function circumvention", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/441529/100/100/threaded" }, { "name": "http://retrogod.altervista.org/php_ip2long.htm", "refsource": "MISC", "url": "http://retrogod.altervista.org/php_ip2long.htm" }, { "name": "1016609", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016609" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4023", "datePublished": "2006-08-09T00:00:00", "dateReserved": "2006-08-08T00:00:00", "dateUpdated": "2024-08-07T18:57:43.861Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2006-4023\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-08-09T00:04:00.000\",\"lastModified\":\"2018-10-17T21:32:58.940\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy\u0027s role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n ip2long en PHP 5.1.4 y anteriores puede validar incorrectamente una cadena de su elecci\u00f3n y devolver una direcci\u00f3n IP, la cual permite a atacantes remotos obtener informaci\u00f3n y facilitar otros ataques, como se demostr\u00f3 usando inyecci\u00f3n SQL en la cabecera X-FORWARDED-FOR en index.php en MiniBB 2.0. NOTA: podr\u00eda discutirse que el funcionamiento ip2long representa un riesgo para los asuntos de seguridad relevantes en la medida que es similar al papel de los strcpy en el desbordamiento de b\u00fafer, en cuyo caso esto podr\u00eda ser un tipo de bug de implementaci\u00f3n que requerir\u00eda separar los asuntos CVE para cada aplicaci\u00f3n PHP que utiliza ip2long en una manera se seguridad relevante.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B14EF0C7-61F2-47A4-B7F8-43FF03C62DCA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74E7AE59-1CB0-4300-BBE0-109F909789EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1874F637-77E2-4C4A-BF92-AEE96A60BFB0\"}]}]}],\"references\":[{\"url\":\"http://retrogod.altervista.org/php_ip2long.htm\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://securitytracker.com/id?1016609\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/441529/100/100/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/441708/100/100/threaded\",\"source\":\"cve@mitre.org\"}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.