CVE-2008-7068

Impact:
Low
Public Date:
2008-11-28
Bugzilla:
519266: CVE-2008-7068 php: dba_replace() file corruption vulnerability

The MITRE CVE dictionary describes this issue as:

The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file.

Find out more about CVE-2008-7068 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This is not a security issue. A user with read and write access to a file can reasonably be expected to manipulate the contents of the file, including truncating it. Instead of using dba_replace(), a user could simply fopen() the file in write mode, which provides the same end-result.

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.