Bug 185586

Summary: dev-lang/php-5.2.X "glob()" Code Execution Vulnerability
Product: Gentoo Security
Reporter: Lars Hartmann <lars>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE
Severity: normal
CC: hoffie
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://secunia.com/advisories/26085/
Whiteboard:
Package list:
Runtime testing required: ---

Description Lars Hartmann 2007-07-16 19:15:53 UTC
Description:
shinnai has discovered a vulnerability in PHP, which can be exploited by malicious, local users to bypass certain security restrictions.

The vulnerability is caused due to an error in the handling of an uninitialized structure inside the "glob()" function. This can be exploited to execute arbitrary code, which may lead to security restrictions (e.g. the "disable_functions" directive) being bypassed.

The vulnerability is confirmed in the 5.2.3 win32 installer. Other versions may also be affected.

Solution:
Grant only trusted users permissions to execute PHP code.

Provided and/or discovered by:
shinnai

Original Advisory:
http://milw0rm.com/exploits/4181

Reproducible: Always
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2007-07-16 19:26:59 UTC

*** This bug has been marked as a duplicate of bug 180556 ***
Comment 2 Christian Hoffmann (RETIRED) gentoo-dev 2007-07-16 20:37:57 UTC
This bug is NOT a dup.
But I'm not sure whether we are affected by this at all. I asked some upstream devs and they had different explanations: either Windows-only (happens there because of some glob() emulation code in php) or a glibc bug. A patch[1] was mentioned, but not committed to their CVS until now.
The example exploit doesn't lead to any segfault or similar on my machine, so it might be really the case that only Windows is affected.

But let's see what upstream does with it...

[1] http://dev.daylessday.org/diff/glob.diff