Mailinglist Archive: opensuse-bugs (13468 mails)

< Previous Next >
[Bug 334440] New: VUL-0: php ftp extension arbitrary FTP commands issue ( CVE-2007-2509)
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Tue, 16 Oct 2007 23:23:58 -0600 (MDT)
  • Message-id: <bug-334440-21960@xxxxxxxxxxxxxxxxxxxxxxxxx/>
https://bugzilla.novell.com/show_bug.cgi?id=334440

Summary: VUL-0: php ftp extension arbitrary FTP commands issue
(CVE-2007-2509)
Product: openSUSE 10.3
Version: Final
Platform: All
OS/Version: openSUSE 10.3
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
AssignedTo: crrodriguez@xxxxxxxxxx
ReportedBy: crrodriguez@xxxxxxxxxx
QAContact: qa@xxxxxxx
CC: security-team@xxxxxxx, mmarek@xxxxxxxxxx
Found By: Other


A flaw was found in the PHP "ftp" extension. If a PHP script used this
extension to provide access to a private FTP server, and passed untrusted
script input directly to any function provided by this extension, a remote
attacker would be able to send arbitrary FTP commands to the server.
(CVE-2007-2509)


--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >
This Thread
  • No further messages