php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #26220 dba_open read arbitrary files
Submitted: 2003-11-12 09:57 UTC Modified: 2003-11-12 17:58 UTC
From: evgeny at 100mb dot ru Assigned: helly (profile)
Status: Not a bug Package: DBM/DBA related
PHP Version: 4.3.4 OS: FreeBSD 4.7
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: evgeny at 100mb dot ru
New email:
PHP Version: OS:

 

 [2003-11-12 09:57 UTC] evgeny at 100mb dot ru
Description:
------------
dba_open() creates *.db file with fragments of system files or source php scripts


Reproduce code:
---------------
<?php
$db=dba_open("/var/tmp/test.db","n", "gdbm");
?>




Expected result:
----------------
Create test.db only

Actual result:
--------------
#cat /var/tmp/test.db

...
127.0.0.1               localhost localhost.my.domain
#
# Imaginary network.
#10.0.0.2               myname.my.domain myname
#10.0.0.3               myfriend.my.domain myfriend
...
(pert of my /etc/hosts here! :( and part of my /etc/services file below :-()
....
hylafax         4559/tcp   #HylaFAX client-server protocol
rfa             4672/tcp   #remote file access server
rfa             4672/udp   #remote file access server
commplex-main   5000/tcp
commplex-main   5000/udp
.....


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-11-12 17:58 UTC] helly@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.

Don't use gdbm then.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Thu Jul 18 08:01:25 2019 UTC