First Last Prev Next    This bug is not in your last search results.
Bug 174168 - CVE-2005-3389 PHP parse_str can enable register_globals
CVE-2005-3389 PHP parse_str can enable register_globals
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: php (Show other bugs)
5
All Linux
medium Severity low
: ---
: ---
Assigned To: Joe Orton
David Lawrence
impact=low,public=20051031,source=ful...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-11-25 07:43 EST by Mark J. Cox (Product Security)
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: 5.1.1-2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-12-05 10:27:31 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Mark J. Cox (Product Security) 2005-11-25 07:43:02 EST 
tracking bug

+++ This bug was initially created as a clone of Bug #172209 +++

The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called
with only one parameter, allows remote attackers to disable the
register_globals directive via inputs that cause a request to be terminated
due to the memory_limit setting, which causes PHP to set an internal flag that
enables register_globals and allows attackers to exploit vulnerabilities in
PHP applications that would otherwise be protected.

http://www.hardened-php.net/advisory_192005.78.html

This issue also affects FC3
Comment 1 Joe Orton 2005-12-05 10:27:31 EST 
Fixed in Raw Hide with update to 5.1.1.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.