Vigil@nce: PHP, file truncation via dba_replace

December 2008 by Vigil@nce

SYNTHESIS

A local attacker can use the dba_replace() function to empty a
file.

Gravity: 1/4

Consequences: data creation/edition, data deletion

Provenance: user account

Means of attack: 1 attack

Ability of attacker: technician (2/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: low (1/3)

Creation date: 28/11/2008

IMPACTED PRODUCTS

 PHP

DESCRIPTION

The PHP environment can be configured to forbid access to
file-truncating functions such as ftruncate().

The dba_replace() function replaces a record in a database stored
in text ("inifile") format. However, if the record key name is
empty, the file is truncated at its beginning.

This vulnerability can thus be used to delete the content of a
file. Note that the file has to contain lines such as "VAR=value"
in order to be recognized by dba_replace().
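
The PHP check below is an added example, not part of the Vigil@nce bulletin or of PHP itself: it reports whether a configuration that disables ftruncate() still leaves dba_replace() usable with the "inifile" handler. The function name audit_dba_truncation and the sample policies are hypothetical, and treating a disabled dba_replace() (or disabled dba_open() and dba_popen()) as closing the path is an assumption, since the bulletin names no fix.

```php
<?php
// Added example (not from the bulletin): report whether a PHP configuration
// that disables ftruncate() still leaves dba_replace() usable on "inifile".

/**
 * @param string   $disableFunctions raw disable_functions directive value
 * @param string[] $dbaHandlers      names as returned by dba_handlers()
 * @return string[] findings; empty when the path described is not open
 */
function audit_dba_truncation(string $disableFunctions, array $dbaHandlers): array
{
    // disable_functions is a comma-separated list; normalise case and spacing.
    $disabled = array_filter(
        array_map('trim', explode(',', strtolower($disableFunctions))),
        'strlen'
    );
    $isOff = fn(string $name): bool => in_array($name, $disabled, true);

    if (!$isOff('ftruncate')) {
        return []; // truncation is not restricted here, so nothing is bypassed
    }
    if (!in_array('inifile', $dbaHandlers, true)) {
        return []; // the text-format handler from the bulletin is not built in
    }
    // dba_replace() needs a handle obtained from dba_open() or dba_popen().
    if ($isOff('dba_replace') || ($isOff('dba_open') && $isOff('dba_popen'))) {
        return []; // assumption: disabling these closes the path
    }
    return [
        'ftruncate() is disabled, but dba_replace() with the inifile handler '
        . 'is still callable; review the dba_* functions in disable_functions.',
    ];
}

// Constructed sample policies, for illustration only.
$samples = [
    'ftruncate only'      => 'exec, system, ftruncate',
    'dba_replace blocked' => 'exec,system,ftruncate,dba_replace',
];
foreach ($samples as $label => $policy) {
    $n = count(audit_dba_truncation($policy, ['inifile', 'flatfile']));
    echo "sample [$label]: $n finding(s)", PHP_EOL;
}

// The configuration this script runs under (no handlers if dba is unavailable).
$handlers = function_exists('dba_handlers') ? dba_handlers() : [];
foreach (audit_dba_truncation((string) ini_get('disable_functions'), $handlers) as $f) {
    echo "live: $f", PHP_EOL;
}
```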

CHARACTERISTICS

Identifiers: VIGILANCE-VUL-8271

http://vigilance.fr/vulnerability/8271

