Mailinglist Archive: opensuse-bugs (13468 mails)

[bugzilla_noreply@xxxxxxxxxx]

https://bugzilla.novell.com/show_bug.cgi?id=334440

           Summary: VUL-0: php ftp extension arbitrary FTP commands issue
                    (CVE-2007-2509)
           Product: openSUSE 10.3
           Version: Final
          Platform: All
        OS/Version: openSUSE 10.3
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
        AssignedTo: crrodriguez@xxxxxxxxxx
        ReportedBy: crrodriguez@xxxxxxxxxx
         QAContact: qa@xxxxxxx
                CC: security-team@xxxxxxx, mmarek@xxxxxxxxxx
          Found By: Other


A flaw was found in the PHP "ftp" extension. If a PHP script used this
extension to provide access to a private FTP server, and passed untrusted
script input directly to any function provided by this extension, a remote
attacker would be able to send arbitrary FTP commands to the server.
(CVE-2007-2509)


-- 
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.