| Summary: | CVE-2010-4700 php: mysqli mysqli_fetch_assoc does not escape its output when magic_quotes are enabled | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | fedora, jorton, rpm |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-01-21 14:28:58 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Tomas Hoger
2011-01-19 13:11:32 UTC
Following commits seem related too: http://svn.php.net/viewvc?view=revision&revision=302804 http://svn.php.net/viewvc?view=revision&revision=303366 I can't reproduce this issue on RHEL PHP 5.3.2 and 5.3.3. The output is escaped as expected, identical to the file_get_contents("test.txt") output.
Looking at what code is touched by the patches referenced above, it's #ifdef MYSQLI_USE_MYSQLND code. Both RHEL and Fedora PHP packages still use libmysql, rather than new mysqlnd driver. Our builds should not be affected by this issue.
Fedora RFE for switch to mysqlnd - bug #510951. Tomas is correct that this only affects the build with mysqlnd enabled, which we don't ship. Statement: Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 4, 5, or 6. |