Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.4
CVE Id: CVE-2008-7068
Last Modified: 25 Aug 2009 12:00:00
Published: 25 Aug 2009 06:30:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-7068

Summary

The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file.

Vulnerable Systems

Application

  • PHP 4.0
  • PHP 4.0.0
  • PHP 4.0.1
  • PHP 4.0.2
  • PHP 4.0.3
  • PHP 4.0.4
  • PHP 4.0.5
  • PHP 4.0.6
  • PHP 4.0.7
  • PHP 4.1.0
  • PHP 4.1.1
  • PHP 4.1.2
  • PHP 4.1.3
  • PHP 4.2
  • PHP 4.2.0
  • PHP 4.2.1
  • PHP 4.2.2
  • PHP 4.2.3
  • PHP 4.2.4
  • PHP 4.3
  • PHP 4.3.0
  • PHP 4.3.1
  • PHP 4.3.10
  • PHP 4.3.11
  • PHP 4.3.2
  • PHP 4.3.3
  • PHP 4.3.4
  • PHP 4.3.5
  • PHP 4.3.6
  • PHP 4.3.7
  • PHP 4.3.8
  • PHP 4.3.9
  • PHP 4.4.0
  • PHP 4.4.1
  • PHP 4.4.2
  • PHP 4.4.3
  • PHP 4.4.4
  • PHP 4.4.5
  • PHP 4.4.6
  • PHP 4.4.7
  • PHP 4.4.8
  • PHP 4.4.9
  • PHP 5.2.6


References

XF - php-dbareplace-file-corruption(47316)

BUGTRAQ - 20081127 SecurityReason : PHP 5.2.6 dba_replace() destroying file

BUGTRAQ - 20081206 Re: SecurityReason : PHP 5.2.6 dba_replace() destroying file

OSVDB - 52206

SREASONRES - 20081127 PHP 5.2.6 dba_replace() destroying file

CONFIRM - http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1313&r2=1.2027.2.547.2.1314&


Last Updated: 27 May 2016 10:49:26