Summary: | dev-lang/php-5.2.X "glob()" Code Execution Vulnerability | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Lars Hartmann <lars> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED DUPLICATE | ||
Severity: | normal | CC: | hoffie |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/26085/ | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Lars Hartmann
2007-07-16 19:15:53 UTC
*** This bug has been marked as a duplicate of bug 180556 *** This bug is NOT a dup. But I'm not sure whether we are affected by this at all. I asked some upstream devs and they had different explanations: either windows-only (happens there because of some glob() emulation code in php) or a glibc bug. A patch[1] was mentioned, but not commited to their csv until now. The example exploit doesn't lead to any segfault or similar on my machine, so it might be really the case that only Windows is affected. But let's see what upstream does with it... [1] http://dev.daylessday.org/diff/glob.diff |