Bug 436541 (CVE-2007-4850) - CVE-2007-4850 php: curl safe mode bypass
Status: CLOSED DUPLICATE of bug 169857
Alias: CVE-2007-4850
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard: source=fulldisclosure,reported=200801...
Keywords: Security
Reported: 2008-03-07 19:44 UTC by Ville Skyttä
Modified: 2008-07-25 08:21 UTC

Doc Type: Bug Fix
Last Closed: 2008-07-25 08:21:42 UTC

Description Ville Skyttä 2008-03-07 19:44:46 UTC
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4850

curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows
context-dependent attackers to bypass safe_mode and open_basedir restrictions
and read arbitrary files via a file:// request containing a \x00 sequence, a
different vulnerability than CVE-2006-2563.

Based on change logs, the upstream fix is
http://cvs.php.net/viewcvs.cgi/php-src/ext/curl/interface.c?r1=1.62.2.14.2.33&r2=1.62.2.14.2.34&view=patch
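
The general class of problem named in the description, a length-counted string that is checked by one layer and then read as a NUL-terminated C string by another, shown as an added example (not code from PHP, libcurl or the upstream patch). `check_file_url`, `c_view_len`, the verdict names and the `/srv/app/data/` paths are hypothetical, and the `%00` and `..` checks go beyond the `\x00` case this report covers.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum url_verdict { URL_OK, URL_EMBEDDED_NUL, URL_CONTROL_CHAR,
                   URL_NOT_FILE, URL_OUTSIDE_BASEDIR };

/* Bytes a C-string consumer would read from a length-counted buffer. */
size_t c_view_len(const char *s, size_t len)
{
    const char *nul = memchr(s, '\0', len);
    return nul ? (size_t)(nul - s) : len;
}

/* Hypothetical validator: accept a length-counted file:// URL only if a
 * C-string consumer will see exactly the bytes that were checked.
 * basedir is absolute and ends with '/'. */
enum url_verdict check_file_url(const char *url, size_t len, const char *basedir)
{
    static const char scheme[] = "file://";
    const size_t slen = sizeof(scheme) - 1, blen = strlen(basedir);

    if (c_view_len(url, len) != len)
        return URL_EMBEDDED_NUL;          /* checker and consumer disagree */
    if (len < slen)
        return URL_NOT_FILE;
    for (size_t i = 0; i < slen; i++)     /* schemes are case-insensitive */
        if (tolower((unsigned char)url[i]) != scheme[i]) return URL_NOT_FILE;
    for (size_t i = slen; i < len; i++) {
        unsigned char c = (unsigned char)url[i];
        if (c < 0x20 || c == 0x7f)
            return URL_CONTROL_CHAR;
        /* "%00" would decode to a terminator after the check has passed */
        if (c == '%' && i + 2 < len && url[i + 1] == '0' && url[i + 2] == '0')
            return URL_EMBEDDED_NUL;
        /* a ".." segment can leave basedir once the path is normalised */
        if (c == '/' && i + 2 < len && url[i + 1] == '.' && url[i + 2] == '.'
            && (i + 3 == len || url[i + 3] == '/'))
            return URL_OUTSIDE_BASEDIR;
    }
    if (len - slen < blen || memcmp(url + slen, basedir, blen) != 0)
        return URL_OUTSIDE_BASEDIR;
    return URL_OK;
}

int main(void)
{
    static const char s[] = "file:///srv/app/data/a.txt\0.png"; /* constructed */
    printf("C view: %zu of %zu bytes, verdict %d\n", c_view_len(s, sizeof s - 1),
           sizeof s - 1, (int)check_file_url(s, sizeof s - 1, "/srv/app/data/"));
    return 0;
}
```

The validator does not resolve symlinks or percent-encoded dot segments, so it complements rather than replaces a check on the canonical path.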

Comment 1 Tomas Hoger 2008-03-10 10:44:06 UTC
The NVD statement regarding this flaw and the php packages shipped in Red Hat
Enterprise Linux and Red Hat Application Stack is available at the URL also
mentioned in the initial comment - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4850:

  Official Statement from Red Hat (1/25/2008)
  We do not consider these to be security issues. For more details see
  http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
  and http://www.php.net/security-note.php

There is currently no plan to backport a fix for this issue to Red Hat
Enterprise Linux and Red Hat Application Stack php packages.

For Fedora, this issue will most likely be fixed once the next upstream release -
5.2.6 (not yet released upstream) - is uploaded to Fedora repositories.


Comment 2 Tomas Hoger 2008-07-25 08:21:42 UTC
Fedora packages are already updated to upstream version 5.2.6.

*** This bug has been marked as a duplicate of 169857 ***

