111014 – dev-lang/php // dev-php/php <= 4.4.0, <= 5.0.5 register_globals Activation Vulnerability in parse_str()

Bug 111014 - dev-lang/php // dev-php/php <= 4.4.0, <= 5.0.5 register_globals Activation Vulnerability in parse_str()

Summary: dev-lang/php // dev-php/php <= 4.4.0, <= 5.0.5 register_globals Activation Vu...

Status:	RESOLVED DUPLICATE of bug 111032

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All All

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://www.hardened-php.net/advisory_...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-10-31 06:23 UTC by Vic Fryzel (shellsage) (RETIRED)
Modified:	2005-10-31 13:33 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Vic Fryzel (shellsage) (RETIRED) gentoo-dev

2005-10-31 06:23:38 UTC

When parse_str() is called with only one parameter it parses the supplied
string, as if it were the query string passed via a URL and sets variables in
the global scope. This is achieved by internally switching register_globals on,
while the string is parsed.

For more details see original advisory:
http://www.hardened-php.net/advisory_192005.78.html

Reproducible: Always
Steps to Reproduce:
1.
2.
3.

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2005-10-31 13:33:43 UTC

Regrouping issues...

*** This bug has been marked as a duplicate of 111032 ***