| Name | CVE-2006-4023 |
| Description | The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 382257, 382270 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| php5 (PTS) | jessie, jessie (lts) | 5.6.40+dfsg-0+deb8u18 | vulnerable |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| php4 | source | (unstable) | (unfixed) | unimportant | | 382270 |
| php5 | source | (unstable) | (unfixed) | unimportant | | 382257 |
Notes
Not every lack of protection of programmer's flaws is a vulnerability
See notes by Sean for details
> the entry states that this is more likely a bug in any
> applications not performing further validation/sanitizing,
> and i tend to agree based on the php.net documentation, which
> states: "ip2long() should not be used as the sole form of IP
> validation. Combine it with long2ip()".