CVE-2006-1608

The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI.

Affected Software

Name	Vendor	Start Version	End Version
Php	Php	4.0 (including)	4.0 (including)
Php	Php	4.0-beta_4_patch1 (including)	4.0-beta_4_patch1 (including)
Php	Php	4.0-beta1 (including)	4.0-beta1 (including)
Php	Php	4.0-beta2 (including)	4.0-beta2 (including)
Php	Php	4.0-beta3 (including)	4.0-beta3 (including)
Php	Php	4.0-beta4 (including)	4.0-beta4 (including)
Php	Php	4.0-rc1 (including)	4.0-rc1 (including)
Php	Php	4.0-rc2 (including)	4.0-rc2 (including)
Php	Php	4.0.0 (including)	4.0.0 (including)
Php	Php	4.0.1 (including)	4.0.1 (including)
Php	Php	4.0.1-patch1 (including)	4.0.1-patch1 (including)
Php	Php	4.0.1-patch2 (including)	4.0.1-patch2 (including)
Php	Php	4.0.2 (including)	4.0.2 (including)
Php	Php	4.0.3 (including)	4.0.3 (including)
Php	Php	4.0.3-patch1 (including)	4.0.3-patch1 (including)
Php	Php	4.0.4 (including)	4.0.4 (including)
Php	Php	4.0.4-patch1 (including)	4.0.4-patch1 (including)
Php	Php	4.0.5 (including)	4.0.5 (including)
Php	Php	4.0.6 (including)	4.0.6 (including)
Php	Php	4.0.7 (including)	4.0.7 (including)
Php	Php	4.0.7-rc1 (including)	4.0.7-rc1 (including)
Php	Php	4.0.7-rc2 (including)	4.0.7-rc2 (including)
Php	Php	4.0.7-rc3 (including)	4.0.7-rc3 (including)
Php	Php	4.1.0 (including)	4.1.0 (including)
Php	Php	4.1.1 (including)	4.1.1 (including)
Php	Php	4.1.2 (including)	4.1.2 (including)
Php	Php	4.2 (including)	4.2 (including)
Php	Php	4.2.0 (including)	4.2.0 (including)
Php	Php	4.2.1 (including)	4.2.1 (including)
Php	Php	4.2.2 (including)	4.2.2 (including)
Php	Php	4.2.3 (including)	4.2.3 (including)
Php	Php	4.3.0 (including)	4.3.0 (including)
Php	Php	4.3.1 (including)	4.3.1 (including)
Php	Php	4.3.2 (including)	4.3.2 (including)
Php	Php	4.3.3 (including)	4.3.3 (including)
Php	Php	4.3.4 (including)	4.3.4 (including)
Php	Php	4.3.5 (including)	4.3.5 (including)
Php	Php	4.3.6 (including)	4.3.6 (including)
Php	Php	4.3.7 (including)	4.3.7 (including)
Php	Php	4.3.8 (including)	4.3.8 (including)
Php	Php	4.3.9 (including)	4.3.9 (including)
Php	Php	4.3.10 (including)	4.3.10 (including)
Php	Php	4.3.11 (including)	4.3.11 (including)
Php	Php	4.4.0 (including)	4.4.0 (including)
Php	Php	4.4.1 (including)	4.4.1 (including)
Php	Php	4.4.2 (including)	4.4.2 (including)
Php	Php	5.0-rc1 (including)	5.0-rc1 (including)
Php	Php	5.0-rc2 (including)	5.0-rc2 (including)
Php	Php	5.0-rc3 (including)	5.0-rc3 (including)
Php	Php	5.0.0 (including)	5.0.0 (including)
Php	Php	5.0.0-beta1 (including)	5.0.0-beta1 (including)
Php	Php	5.0.0-beta2 (including)	5.0.0-beta2 (including)
Php	Php	5.0.0-beta3 (including)	5.0.0-beta3 (including)
Php	Php	5.0.0-beta4 (including)	5.0.0-beta4 (including)
Php	Php	5.0.0-rc1 (including)	5.0.0-rc1 (including)
Php	Php	5.0.0-rc2 (including)	5.0.0-rc2 (including)
Php	Php	5.0.0-rc3 (including)	5.0.0-rc3 (including)
Php	Php	5.0.1 (including)	5.0.1 (including)
Php	Php	5.0.2 (including)	5.0.2 (including)
Php	Php	5.0.3 (including)	5.0.3 (including)
Php	Php	5.0.4 (including)	5.0.4 (including)
Php	Php	5.0.5 (including)	5.0.5 (including)
Php	Php	5.1.0 (including)	5.1.0 (including)
Php	Php	5.1.1 (including)	5.1.1 (including)
Php	Php	5.1.2 (including)	5.1.2 (including)
Php5	Ubuntu	dapper	*
Php5	Ubuntu	devel	*
Php5	Ubuntu	edgy	*
Php5	Ubuntu	feisty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-1608
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References