php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #33150 shtool: insecure temporary file creation
Submitted: 2005-05-26 13:43 UTC Modified: 2005-06-18 20:57 UTC
From: eromang at zataz dot net Assigned: sniper (profile)
Status: Closed Package: Compile Failure
PHP Version: 5.*, 4.* OS: UNIX
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: eromang at zataz dot net
New email:
PHP Version: OS:

 

 [2005-05-26 13:43 UTC] eromang at zataz dot net 
Description:
------------
Hello,

php is using a vulnerable version of shtool.

For more informations :

http://www.securityfocus.com/bid/13767?ref=rss

Regards

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-05-29 22:25 UTC] eromang at zataz dot net 
Hello,

Here under the patch proposal from Gentoo Security Team.

https://bugs.gentoo.org/attachment.cgi?id=60117

CAN-2005-1751

Regards.
 [2005-05-30 01:02 UTC] sniper@php.net 
We'll update the bundled shtool as soon as they release new version of it. We will not start patching it ourselves.
 [2005-06-10 17:18 UTC] koon at gentoo dot org 
Apparently PHP only uses the mkdir and echo commands, neither makes a tmpfile. SO you probably aren't affected by this currently.
 [2005-06-18 20:57 UTC] sniper@php.net 
We use the 'path' command also, and that one is affected.
 [2005-06-18 20:57 UTC] sniper@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 11:01:29 2024 UTC