CVE-2008-7068

NameCVE-2008-7068
DescriptionThe dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDTSA-188-1
Debian Bugs507101

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php4source(unstable)(unfixed)
php5sourcelenny5.2.6.dfsg.1-1+lenny2
php5source(unstable)5.2.6.dfsg.1-3507101

Notes

if a user has write access to a file he simply can use fopen()

Search for package or bug name: Reporting problems