oss-sec mailing list archives

Re: CVE id request: php5


From: Josh Bressers <bressers () redhat com>
Date: Wed, 28 Jan 2009 13:57:36 -0500 (EST)

----- "Steffen Joeris" <steffen.joeris () skolelinux de> wrote:

I don't think this has a CVE id yet.

Quote from the debian bugreport:
"When an invalid key is used when calling dba_replace on a dba inifile
resource it leads to file truncation."

References:
Debian Bugreport:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507101

I may be missing something here, but this looks like an issue where a bad script
really needs to cause this. Wouldn't it be just as easy for the script author to
delete the file in question via a PHP script?

-- 
    JB

