Bug 150216 - CAN-2005-0596 php readfile() DoS
Summary: CAN-2005-0596 php readfile() DoS
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: php
Version: 3.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Joe Orton
QA Contact: David Lawrence
Whiteboard: impact=low,public=20040125,source=cve
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2005-03-03 19:59 UTC by Josh Bressers
Modified: 2007-11-30 22:07 UTC (History)
0 users

Clone Of:
Last Closed: 2005-03-03 21:26:58 UTC

Attachments (Terms of Use)

Description Josh Bressers 2005-03-03 19:59:33 UTC
A bug in the readfile() function of php4 could be used to to crash the httpd
running the php4 code when accessing files with a multiple of the architectures
page size leading to a denial of service.


Comment 1 Joe Orton 2005-03-03 21:26:58 UTC
We use the apache2filter SAPI in RHEL3, this only affected the
apache2handler in old versions of PHP.

This doesn't affect the version of the apache2handler shipped in
either RHEL4 or any current FC releases either.

Note You need to log in before you can comment on or make changes to this bug.