Bug 436541 - (CVE-2007-4850) CVE-2007-4850 php: curl safe mode bypass
CVE-2007-4850 php: curl safe mode bypass
Status: CLOSED DUPLICATE of bug 169857
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On:
  Show dependency treegraph
Reported: 2008-03-07 14:44 EST by Ville Skyttä
Modified: 2008-07-25 04:21 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-07-25 04:21:42 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Ville Skyttä 2008-03-07 14:44:46 EST

curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows
context-dependent attackers to bypass safe_mode and open_basedir restrictions
and read arbitrary files via a file:// request containing a \x00 sequence, a
different vulnerability than CVE-2006-2563.

Based on change logs, upstream fix is
Comment 1 Tomas Hoger 2008-03-10 06:44:06 EDT
NVD statement regarding this flaw and php packages shipped in Red Hat Enterprise
Linux and Red Hat Application Stack is available on the url also mentioned in
the initial comment - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4850:

  Official Statement from Red Hat (1/25/2008)
  We do not consider these to be security issues. For more details see
  and http:www.php.netsecurity-note.php

There is currently not plan to backport a fix for this issue to Red Hat
Enterprise Linux and Red Hat Application Stack php packages.

For Fedora, this issue will most likely be fixed once next upstream release -
5.2.6 (not yet released upstream) - is uploaded to Fedora repositories.
Comment 2 Tomas Hoger 2008-07-25 04:21:42 EDT
Fedora packages are already updated to upstream version 5.2.6.

*** This bug has been marked as a duplicate of 169857 ***

Note You need to log in before you can comment on or make changes to this bug.