php-pear-mdb2

2007-12-02

Page content

Author: voroskoi
Vulnerable: 2.4.1-1
Unaffected: 2.4.1-2sayshell1

A security issue has been reported in PEAR MDB2, which can be exploited by malicious people to disclose sensitive information. The security issue is caused due to MDB2 potentially making use of PHP’s protocol wrappers when storing certain input as LOB. This can be exploited to e.g. disclose sensitive information by storing a specially crafted URI (e.g. “file:///etc/passwd”) as LOB.

Bug Tracker URL: http://bugs.frugalware.org/task/2573

CVEs:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5934