Description: shinnai has discovered a vulnerability in PHP, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is caused due to an error in the handling of an uninitialized structure inside the "glob()" function. This can be exploited to execute arbitrary code, which may lead to security restrictions (e.g. the "disable_functions" directive) being bypassed. The vulnerability is confirmed in the 5.2.3 win32 installer. Other versions may also be affected. Solution: Grant only trusted users permissions to execute PHP code. Provided and/or discovered by: shinnai Original Advisory: http://milw0rm.com/exploits/4181 Reproducible: Always
*** This bug has been marked as a duplicate of bug 180556 ***
This bug is NOT a dup. But I'm not sure whether we are affected by this at all. I asked some upstream devs and they had different explanations: either windows-only (happens there because of some glob() emulation code in php) or a glibc bug. A patch[1] was mentioned, but not commited to their csv until now. The example exploit doesn't lead to any segfault or similar on my machine, so it might be really the case that only Windows is affected. But let's see what upstream does with it... [1] http://dev.daylessday.org/diff/glob.diff