oss-sec mailing list archives
Re: CVE id request: php5
From: Josh Bressers <bressers () redhat com>
Date: Wed, 28 Jan 2009 13:57:36 -0500 (EST)
----- "Steffen Joeris" <steffen.joeris () skolelinux de> wrote:
I don't think this has a CVE id yet. Quote from the debian bugreport: "When an invalid key is used when calling dba_replace on a dba inifile resource it leads to file truncation." References: Debian Bugreport: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507101
I may be missing something here, but this looks like an issue where a bad script
really needs to cause this. Wouldn't it be just as easy to for the script author to
delete the file in question via a PHP script?
--
JB
Current thread:
- CVE id request: php5 Steffen Joeris (Jan 28)
- Re: CVE id request: php5 Josh Bressers (Jan 28)
- Re: CVE id request: php5 Raphael Geissert (Jan 28)
- Re: Re: CVE id request: php5 Joe Orton (Jan 29)
- Re: Re: CVE id request: php5 Steven M. Christey (Jan 29)
- Re: CVE id request: php5 Raphael Geissert (Jan 28)
- Re: CVE id request: php5 Josh Bressers (Jan 28)
