author | Alex Dupre <ale@FreeBSD.org> | 2008-09-04 14:00:12 +0000 |
---|---|---|
committer | Alex Dupre <ale@FreeBSD.org> | 2008-09-04 14:00:12 +0000 |
commit | a0d9ed6a84a0539f4913af677c07bb4ec694e74a (patch) | |
tree | 509322d4ec11231e92bc79d90e8c27aa8f537230 | |
parent | 067f51c23a1e6f413d0abb965b71fc97d18a6421 (diff) | |
download | ports-a0d9ed6a84a0539f4913af677c07bb4ec694e74a.tar.gz ports-a0d9ed6a84a0539f4913af677c07bb4ec694e74a.zip |
-rw-r--r-- | security/vuxml/vuln.xml | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 3090a73d1704..0539e721b6f4 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -785,21 +785,21 @@ Note: Please add new entries to the beginning of this file. </vuln> <vuln vid="ee6fa2bd-406a-11dd-936a-0015af872849"> - <topic>php -- input validation error in posix_access function</topic> + <topic>php -- input validation error in safe_mode</topic> <affects> <package> - <name>php5-posix</name> - <range><ge>5.0</ge></range> + <name>php5</name> + <range><lt>5.2.6_2</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>According to Maksymilian Arciemowicz research, it is possible to bypass security restrictions - of <code>safe_mode</code> in <code>posix_access()</code> - function via directory traversal vulnerability. The attacker + of <code>safe_mode</code> in various + functions via directory traversal vulnerability. The attacker can use this attack to gain access to sensitive - information. Other functions utilizing + information. Functions utilizing <code>expand_filepath()</code> may be affected.</p> <p>It should be noted that this vulnerability is not considered to be serious by the FreeBSD Security Team, @@ -809,13 +809,14 @@ Note: Please add new entries to the beginning of this file. </description> <references> <cvename>CVE-2008-2665</cvename> + <cvename>CVE-2008-2666</cvename> <bid>29797</bid> <url>http://securityreason.com/achievement_securityalert/54</url> </references> <dates> <discovery>2008-06-17</discovery> <entry>2008-06-22</entry> - <modified>2008-06-22</modified> + <modified>2008-09-04</modified> </dates> </vuln> |
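Review bot: In the first hunk's `<affects>` block, the `php5-posix` package entry is dropped outright and the match is now keyed only on `php5` with `<range><lt>5.2.6_2</lt></range>`, while the description still covers `posix_access()` under "various functions". Please confirm that every installation carrying the affected extension is flagged through the `php5` package version alone; if the extension can be installed at a version independent of `php5`, keep a second `<package>` entry for it. The reworded body also no longer names any affected function, so listing them (rather than "various functions") would let a reader check their own exposure.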
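Review bot: In the second hunk's `<references>` block, `<cvename>CVE-2008-2666</cvename>` is added but nothing in the entry says what it covers: the `<bid>` and `<url>` are the ones that were already there, and the description does not distinguish the two identifiers. Suggest adding a reference for the second CVE, or a sentence in the `<body>` stating which functions each CVE name applies to. The `<modified>` bump to 2008-09-04 matches the commit date and looks right.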