CVE-2006-4023

NameCVE-2006-4023
DescriptionThe ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)
Debian Bugs382257, 382270

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
php5 (PTS)jessie5.6.33+dfsg-0+deb8u1vulnerable
jessie (security)5.6.36+dfsg-0+deb8u1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php4source(unstable)(unfixed)unimportant382270
php5source(unstable)(unfixed)unimportant382257

Notes

Not every lack of protection of programmer's flaws is a vulnerability
See notes by Sean for details
> the entry states that this is more likely a bug in any
> applications not performing further validation/sanitizing,
> and i tend to agree based on the php.net documentation, which
> states: "ip2long() should not be used as the sole form of IP
> validation. Combine it with long2ip()".

Search for package or bug name: Reporting problems