php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #26220 dba_open read arbitrary files
Submitted: 2003-11-12 09:57 UTC Modified: 2003-11-12 17:58 UTC
From: evgeny at 100mb dot ru Assigned: helly (profile)
Status: Not a bug Package: DBM/DBA related
PHP Version: 4.3.4 OS: FreeBSD 4.7
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: evgeny at 100mb dot ru
New email:
PHP Version: OS:

 

 [2003-11-12 09:57 UTC] evgeny at 100mb dot ru
Description:
------------
dba_open() creates *.db file with fragments of system files or source php scripts


Reproduce code:
---------------
<?php
$db=dba_open("/var/tmp/test.db","n", "gdbm");
?>




Expected result:
----------------
Create test.db only

Actual result:
--------------
#cat /var/tmp/test.db

...
127.0.0.1               localhost localhost.my.domain
#
# Imaginary network.
#10.0.0.2               myname.my.domain myname
#10.0.0.3               myfriend.my.domain myfriend
...
(pert of my /etc/hosts here! :( and part of my /etc/services file below :-()
....
hylafax         4559/tcp   #HylaFAX client-server protocol
rfa             4672/tcp   #remote file access server
rfa             4672/udp   #remote file access server
commplex-main   5000/tcp
commplex-main   5000/udp
.....


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-11-12 17:58 UTC] helly@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.

Don't use gdbm then.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 15:01:29 2024 UTC