Bug 129459

Summary: [patch] [vuxml] databases/php5-dba, databases/php4-dba: fix dba_replace() file truncation
Product: Ports & Packages
Reporter: Eygene Ryabinkin <rea-fbsd>
Component: Individual Port(s)
Assignee: Martin Wilke <miwi>
Status: Closed FIXED
Severity: Affects Only Me
Priority: Normal
Version: Latest
Hardware: Any
OS: Any
Attachments:
  fix-dba_replace-file-truncation.diff (flags: none)
  vuln.xml (flags: none)

Description Eygene Ryabinkin 2008-12-06 12:50:00 UTC
It was discovered that the function dba_replace() from the dba extension of PHP
4.x/5.x will truncate an INI file when it is asked to replace a
non-existent key.

Fix: The following patch adds the fixes both for 4.x and 5.x.
This is the vulnerability checking bundle.  Just extract and
run 'make'.
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	test/Makefile
#	test/ham.php
#	test/test.ini
#	test/test.ini.orig
#
echo x - test/Makefile
sed 's/^X//' >test/Makefile << '0d8f5a336dfc7f93d0f8ebb4026e4d46'
Xall: test
X
Xtest: test.ini.orig ham.php
X	@cp -f test.ini.orig test.ini
X	@rm -f test.ini.lck
X	@php ham.php
X	@[ -s test.ini ] && \
X	  (echo "Not vulnerable: test.ini is not empty:"; cat test.ini) || \
X	  echo "Vulnerable: test.ini is empty."
X	@rm -f test.ini.lck
0d8f5a336dfc7f93d0f8ebb4026e4d46
echo x - test/ham.php
sed 's/^X//' >test/ham.php << 'a7cabf122ec818d2261bc37c2f29880f'
X<?php
X$source=dba_open("test.ini", "wlt", "inifile");
Xdba_replace("\0","/www/",$source);
X?>
a7cabf122ec818d2261bc37c2f29880f
echo x - test/test.ini
sed 's/^X//' >test/test.ini << '0368deadfd01a6af1d47cb55f407fd28'
XPATH=/
XCURR=.
XHOME=/home/
0368deadfd01a6af1d47cb55f407fd28
echo x - test/test.ini.orig
sed 's/^X//' >test/test.ini.orig << 'd411974d83a21a1687635b704e038703'
XPATH=/
XCURR=.
XHOME=/home/
d411974d83a21a1687635b704e038703
exit
--- test.shar ends here ---

The following VuXML entry should be evaluated and added:
How-To-Repeat: 
http://securityreason.com/achievement_securityalert/58
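Pending the port patch, a defensive wrapper around dba_replace() that routes absent keys through dba_insert() and rolls back if the INI file comes out empty, which is the failure mode the report describes. This is an added example, not code from the PR, the reporter or PHP itself; safe_dba_replace() and the .bak file name are this example's own choices.

```php
<?php
// Added example (not from the PR): guard dba_replace() on the "inifile"
// handler against the truncation bug described above. A key that is not
// present is never handed to dba_replace() (the trigger); it goes through
// dba_insert() instead. A pre-write copy lets an unexpected truncation be
// detected and rolled back. safe_dba_replace() and ".bak" are this
// example's own names.
function safe_dba_replace($file, $key, $value)
{
    $backup = $file . '.bak';
    if (!copy($file, $backup)) {
        return false;
    }
    // Same mode string as the reporter's test: write, .lck lock, test lock.
    $db = dba_open($file, 'wlt', 'inifile');
    if ($db === false) {
        unlink($backup);
        return false;
    }
    // Only existing keys reach dba_replace(); new keys are inserted.
    $ok = dba_exists($key, $db)
        ? dba_replace($key, $value, $db)
        : dba_insert($key, $value, $db);
    dba_close($db);
    clearstatcache(true, $file);
    // Detect the reported failure mode: the file lost its content.
    if (!$ok || filesize($file) === 0) {
        copy($backup, $file);   // roll back to the pre-write copy
        unlink($backup);
        return false;
    }
    unlink($backup);
    return true;
}

// Constructed sample input: the three-key INI file from the reporter's test.
file_put_contents('test.ini', "PATH=/\nCURR=.\nHOME=/home/\n");
var_dump(safe_dba_replace('test.ini', 'HOME', '/usr/home/')); // existing key
var_dump(safe_dba_replace('test.ini', 'TMP', '/tmp/'));       // absent key
echo file_get_contents('test.ini');
?>
```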
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2008-12-06 12:50:11 UTC
Responsible Changed
From-To: freebsd-ports-bugs->ale

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Martin Wilke freebsd_committer freebsd_triage 2009-02-03 20:34:23 UTC
State Changed
From-To: open->feedback

ale, please patch both ports and forward this pr to me. Thanks.
Comment 3 Pav Lucistnik freebsd_committer freebsd_triage 2009-03-24 17:01:33 UTC
State Changed
From-To: feedback->open

Patched in 4.x (5.x has seen several vendor releases in the meantime), over to vuxml handler

Comment 4 Pav Lucistnik freebsd_committer freebsd_triage 2009-03-24 17:01:33 UTC
Responsible Changed
From-To: ale->miwi

Patched in 4.x (5.x has seen several vendor releases in the meantime), over to vuxml handler
Comment 5 dfilter service freebsd_committer freebsd_triage 2009-03-24 17:03:07 UTC
pav         2009-03-24 17:02:45 UTC

  FreeBSD ports repository

  Modified files:
    databases/php4-dba   Makefile 
  Added files:
    databases/php4-dba/files patch-fix-dba_replace-truncation 
  Log:
  - Fix bug when dba_replace() will truncate INI file when it was asked to
    replace a non-existent key.
  
  PR:             ports/129459
  Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>
  Reviewed by:    maintainer timeout (ale; 3 months)
  Security:       http://www.securityfocus.com/archive/1/498746/30/0/threaded
  
  Revision  Changes    Path
  1.2       +1 -0      ports/databases/php4-dba/Makefile
  1.1       +17 -0     ports/databases/php4-dba/files/patch-fix-dba_replace-truncation (new)
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 6 Martin Wilke freebsd_committer freebsd_triage 2009-05-16 21:35:53 UTC
State Changed
From-To: open->closed

Committed. Thanks!
Comment 7 dfilter service freebsd_committer freebsd_triage 2009-05-16 21:36:33 UTC
miwi        2009-05-16 20:36:19 UTC

  FreeBSD ports repository

  Modified files:
    security/vuxml       vuln.xml 
  Log:
  - Document php -- ini database truncation inside dba_replace() function
  
  PR:             129459 (based on)
  Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>
  
  Revision  Changes    Path
  1.1942    +35 -1     ports/security/vuxml/vuln.xml