Bugtraq mailing list archives

Re: SecurityReason : PHP 5.2.6 dba_replace() destroying file
From: Eygene Ryabinkin <rea-sec () codelabs ru>
Date: Sat, 6 Dec 2008 15:47:14 +0300

Maksymilian, Ilia, good day.

Thu, Nov 27, 2008 at 11:54:44PM -0000, cxib () securityreason com wrote:
> [ SecurityReason.com PHP 5.2.6 dba_replace() destroying file ]
> [...]
> --- 1. dba_replace() destroying file ---
>
> Function dba_replace() is not filtering strings key and value. There
> is a possibility of the destruction of the file.

This vulnerability exists in 4.x line as well and it is still unpatched.
Had verified it for dba extension from 4.4.9.

According to the revision log,
  http://cvs.php.net/viewvc.cgi/php-src/ext/dba/libinifile/inifile.c?view=log&pathrev=
there is no fix in the official PHP tree for 4.x yet.
-- 
Eygene

