FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php -- ini database truncation inside dba_replace() function

Affected packages
php4-dba < 4.4.9_1
php5-dba < 5.2.7

Details

VuXML ID 1e8031be-4258-11de-b67a-0030843d3802
Discovery 2008-11-28
Entry 2009-05-16
Modified 2013-06-16

securityfocus research reports:

A bug that leads to the emptying of the INI file contents if the database key was not found exists in the PHP dba extension in versions 5.2.6, 4.4.9 and earlier.

The function dba_replace() is not filtering the key and value strings. There is a possibility for the destruction of the file.

References

CVE Name CVE-2008-7068
URL http://securityreason.com/achievement_securityalert/58
URL http://www.securityfocus.com/archive/1/498746/30/0/threaded