BugTraq
SecurityReason : PHP 5.2.6 dba_replace() destroying file Nov 27 2008 11:54PM
cxib securityreason com (1 replies)
Re: SecurityReason : PHP 5.2.6 dba_replace() destroying file Dec 06 2008 12:47PM
Eygene Ryabinkin (rea-sec codelabs ru) (1 replies)
Maksymilian, Ilia, good day.

Thu, Nov 27, 2008 at 11:54:44PM -0000, cxib (at) securityreason (dot) com wrote:
> [ SecurityReason.com PHP 5.2.6 dba_replace() destroying file ]
[...]
> - --- 1. dba_replace() destroying file ---
>
> Function dba_replace() is not filtering strings key and value. There
> is a possibility of the destruction of the file.

This vulnerability exists in the 4.x line as well and it is still unpatched.
I have verified it for the dba extension from 4.4.9.

According to the revision log,
http://cvs.php.net/viewvc.cgi/php-src/ext/dba/libinifile/inifile.c?view=log&pathrev=
there is no fix in the official PHP tree for 4.x yet.
--
Eygene

Re: SecurityReason : PHP 5.2.6 dba_replace() destroying file Dec 06 2008 03:00PM
Ilia Alshanetsky (ilia prohost org) (1 replies)
Re: SecurityReason : PHP 5.2.6 dba_replace() destroying file Dec 06 2008 05:48PM
Eygene Ryabinkin (rea-sec codelabs ru)


 

Copyright 2010, SecurityFocus