CVE-2008-7068

Priority
Low
Description
The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent
attackers to cause a denial of service (file truncation) via a key with the
NULL byte. NOTE: this might only be a vulnerability in limited
circumstances in which the attacker can modify or add database entries but
does not have permissions to truncate the file.
References
Bugs
Package
Source: php4 (LP Ubuntu Debian)
Upstream: needs-triage
Package
Source: php5 (LP Ubuntu Debian)
Upstream: needs-triage
Patches:
Upstream: http://cvs.php.net/viewvc.cgi/php-src/ext/dba/libinifile/inifile.c?r1=1.14.2.1.2.4&r2=1.14.2.1.2.5 (5.2)
Upstream: http://cvs.php.net/viewvc.cgi/php-src/ext/dba/libinifile/inifile.c?r1=1.21&r2=1.22 (head)
Upstream: http://cvs.php.net/viewvc.cgi/php-src/ext/dba/libinifile/inifile.c?r1=1.14.2.1.2.3.2.1&r2=1.14.2.1.2.3.2.2 (5.3)
More Information

Updated: 2015-07-29 20:34:47 UTC (commit 9756)