Bug 150216 - CAN-2005-0596 php readfile() DoS
Summary: CAN-2005-0596 php readfile() DoS
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: php   
(Show other bugs)
Version: 3.0
Hardware: All
OS: Linux
medium
low
Target Milestone: ---
Assignee: Joe Orton
QA Contact: David Lawrence
URL:
Whiteboard: impact=low,public=20040125,source=cve
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-03-03 19:59 UTC by Josh Bressers
Modified: 2007-11-30 22:07 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-03-03 21:26:58 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Josh Bressers 2005-03-03 19:59:33 UTC
A bug in the readfile() function of php4 could be used to to crash the httpd
running the php4 code when accessing files with a multiple of the architectures
page size leading to a denial of service.

http://bugs.php.net/bug.php?id=27037&edit=3
http://cvs.php.net/diff.php/php-src/sapi/apache2handler/sapi_apache2.c?r1=1.1.2.24&r2=1.1.2.25&ty=u

Comment 1 Joe Orton 2005-03-03 21:26:58 UTC
We use the apache2filter SAPI in RHEL3, this only affected the
apache2handler in old versions of PHP.

This doesn't affect the version of the apache2handler shipped in
either RHEL4 or any current FC releases either.


Note You need to log in before you can comment on or make changes to this bug.