Bugtraq mailing list archives

Re: SecurityReason : PHP 5.2.6 dba_replace() destroying file


From: Ilia Alshanetsky <ilia () prohost org>
Date: Sat, 6 Dec 2008 10:00:14 -0500

The PHP 4.X tree has been discontinued and all users should upgrade to the 5.x tree.


On 6-Dec-08, at 7:47 AM, Eygene Ryabinkin wrote:

Maksymilian, Ilia, good day.

Thu, Nov 27, 2008 at 11:54:44PM -0000, cxib () securityreason com wrote:
[ SecurityReason.com PHP 5.2.6 dba_replace() destroying file ]
[...]
- --- 1. dba_replace() destroying file ---

Function dba_replace() is not filtering the strings key and value. There
is a possibility of the destruction of the file.

This vulnerability exists in the 4.x line as well and it is still unpatched.
I had verified it for the dba extension from 4.4.9.

According to the revision log,
 http://cvs.php.net/viewvc.cgi/php-src/ext/dba/libinifile/inifile.c?view=log&pathrev=
there is no fix in the official PHP tree for 4.x yet.
--
Eygene

Ilia Alshanetsky
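The thread states that dba_replace() passes key and value strings to the handler unfiltered and that this can corrupt the database file. The following wrapper is an added example, not code from the advisory, the thread, or the PHP project: it applies a conservative allowlist to the key and value before calling dba_replace(), so that application code never hands untrusted strings to the handler directly. The allowed character sets, the length limits, the file path and the helper name safe_dba_replace are all assumptions chosen for illustration; the wrapper deliberately rejects bracketed group prefixes in keys, so adapt the key pattern if you rely on the inifile handler's grouped-key syntax.

```php
<?php
// Added example, not from the advisory or the PHP project.
// Validates key/value strings before they reach dba_replace().

function safe_dba_replace(string $key, string $value, $db): bool
{
    // Keys: short, printable, no whitespace, no characters that carry
    // structural meaning in ini-style files. (Allowlist is an assumption.)
    if (!preg_match('/^[A-Za-z0-9_.\-]{1,64}$/', $key)) {
        throw new InvalidArgumentException('key contains disallowed characters');
    }

    // Values: printable ASCII only (no control characters or newlines),
    // bounded length, and none of the ini delimiters [ ] = ; .
    // (Allowlist and limit are assumptions.)
    if (!preg_match('/^[\x20-\x7E]{0,1024}$/', $value)
        || strpbrk($value, "[]=;") !== false) {
        throw new InvalidArgumentException('value contains disallowed characters');
    }

    return dba_replace($key, $value, $db);
}

// Demonstration against the inifile handler named in the thread.
// The path is a placeholder; use a dedicated, non-shared location in practice.
$db = dba_open('/tmp/example_settings.ini', 'c', 'inifile');
if ($db === false) {
    exit("dba_open failed\n");
}

// Well-formed input is written through to the handler.
safe_dba_replace('timeout', '30', $db);
echo 'timeout=', dba_fetch('timeout', $db), "\n";

// Input with an embedded newline is rejected before dba_replace() is called.
try {
    safe_dba_replace("bad\nkey", 'x', $db);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

dba_close($db);
```

The point of routing all writes through one validating function is that the filtering the advisory says the extension lacks is enforced in one place in application code, independent of which PHP or handler version is deployed; the 5.x upgrade Ilia recommends remains the actual fix.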
