Vigil@nce: PHP, file truncation via dba_replace
December 2008 by Vigil@nce
SYNTHESIS
A local attacker can use the dba_replace() function to empty a
file.
Gravity: 1/4
Consequences: data creation/edition, data deletion
Provenance: user account
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: low (1/3)
Creation date: 28/11/2008
IMPACTED PRODUCTS
– PHP
DESCRIPTION
The PHP environment can be configured to forbid the access to file
truncating functions such as ftruncate().
The dba_replace() function is used to replace a record in a
database in text ("inifile") format. However, if the record key
name is empty, the file is truncated at its beginning.
This vulnerability can thus be used to delete the content of a
file. It can be noted that this file has to contain lines such as
"VAR=value" in order to be recognized by dba_replace().
CHARACTERISTICS
Identifiers: VIGILANCE-VUL-8271