Bug 662707 (CVE-2006-7243) - CVE-2006-7243 php: paths with NULL character were considered valid
Summary: CVE-2006-7243 php: paths with NULL character were considered valid
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2006-7243
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
: 820101 (view as bug list)
Depends On: 958614 988714 1067646 1067647
Blocks: 927185 952520 974906
TreeView+ depends on / blocked
 
Reported: 2010-12-13 16:45 UTC by Vincent Danen
Modified: 2021-02-24 16:53 UTC (History)
15 users (show)

Fixed In Version: php 5.3.4
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-09-04 18:59:59 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:1307 0 normal SHIPPED_LIVE Moderate: php53 security, bug fix and enhancement update 2013-10-01 00:31:22 UTC
Red Hat Product Errata RHSA-2013:1615 0 normal SHIPPED_LIVE Moderate: php security, bug fix, and enhancement update 2013-11-20 21:38:52 UTC
Red Hat Product Errata RHSA-2014:0311 0 normal SHIPPED_LIVE Critical: php security update 2014-03-18 23:43:38 UTC

Description Vincent Danen 2010-12-13 16:45:35 UTC
It was reported [1],[2] that PHP would accept filenames with a NULL character in the string, and silently truncate anything after the NULL character.  This could lead to unexpected results and could possibly disclose the existence of certain system files.  This was initially reported against the file_exists() function, but a number of other functions were changed to prevent PHP from considering paths with a NULL character as being valid [2].

This has been corrected in the upstream 5.3.4 release [3].

[1] http://bugs.php.net/39863
[2] http://www.madirish.net/?article=436
[3] http://svn.php.net/viewvc/?view=revision&revision=305507
[4] http://www.php.net/archive/2010.php#id2010-12-10-1

Comment 3 Huzaifa S. Sidhpurwala 2010-12-28 08:54:23 UTC

*** This bug has been marked as a duplicate of bug 169857 ***

Comment 4 Jan Lieskovsky 2012-05-09 09:27:50 UTC
*** Bug 820101 has been marked as a duplicate of this bug. ***

Comment 7 Robert Scheck 2013-05-06 12:16:42 UTC
ownCloud 5.0.5 setup complains that a fully RHEL 6 is vulnerable to this. Not
very nice - even this is just moderate. Any plans to fix this?

Comment 8 Robert Scheck 2013-05-13 11:39:48 UTC
Cross-filed case 00836562 in the Red Hat customer portal.

Comment 11 errata-xmlrpc 2013-09-30 22:11:52 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:1307 https://rhn.redhat.com/errata/RHSA-2013-1307.html

Comment 12 Huzaifa S. Sidhpurwala 2013-10-01 04:43:04 UTC
Statement:

(none)

Comment 14 errata-xmlrpc 2013-11-21 11:16:37 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:1615 https://rhn.redhat.com/errata/RHSA-2013-1615.html

Comment 19 errata-xmlrpc 2014-03-18 19:45:24 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2014:0311 https://rhn.redhat.com/errata/RHSA-2014-0311.html

Comment 20 Tomas Hoger 2014-03-18 21:07:24 UTC
Thank to Remi Collet for pointing out that parts of the upstream patch are applicable to additional packages available in EPEL-5.  Those are either for modules that were not part of PHP upstream in version 5.1.6, or that are not built in Red Hat Enterprise Linux 5 packages.

php-pecl-zip
php-pecl-fileinfo
php-extras (tidy module)

CCing respective owners.


Note You need to log in before you can comment on or make changes to this bug.