PHPDeveloper.org: Secunia.com: PHP "glob()" Code Execution Vulnerability

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Job Posting: TEKSystems (Recruiter) Seeks PHP Web Application Developers (Tampa, FL)

Job Posting: Quinstreet, Inc. Seeks Sr. PHP Developer (Foster City, CA)

Job Posting: WideEye Interactive/Moroch Advertising Seeks Web Developer (Dallas, TX)

Job Posting: Project People Ltd (Recruiter) Seeks PHP Developer (Paris, France)

Job Posting: Snelling (Recruiter) Seeks Web Programmer (Boston, MA)

Job Posting: Veedow Seeks Senior PHP Developer/Architect (London, UK)

Job Posting: Apex Systems (Recruiter) Seeks PHP Web Developers (Tampa, FL)

Job Posting: WordStream Seeks Web Application Developer (Needham, MA)

Job Posting: JS Creative Seeks Web Developer (Atlanta, GA)

Job Posting: Kodak Graphic Communications Group Seeks PHP Application Developer (Stamford, CT)

News Archive

Till's Blog: ZendFramework (performance) II

Sebastian Bergmann's Blog: Freezing and Thawing PHP Objects

Jani Hartikainen's Blog: NetBeans 6.5 review (with PHP support)

Rob Allen's Blog: File uploads with Zend_Form_Element_File

PHPro.org: Calculate Friday The 13th With Datetime Class

Marco Tabini's Blog: It turns out, I was wrong

Community News: Latest PEAR Releases for 12.01.2008

Site News: Job Postings for the week of 11.23.2008

KillerPHP.com: Creating a Wordpress Theme from Scratch (Video)

Chris Hartjes' Blog: Handling Multiple Environments In Your PHP Application

Secunia.com:
PHP "glob()" Code Execution Vulnerability

by Chris Cornutt July 16, 2007 @ 13:52:38

As reported here on Secunia (as discovered by shinnai), there's a code execution vulnerability in PHP's glob function:

The vulnerability is caused due to an error in the handling of an uninitialized structure inside the "glob()" function. This can be exploited to execute arbitrary code, which may lead to security restrictions (e.g. the "disable_functions" directive) being bypassed.

The vulnerability is confirmed in the 5.2.3 win32 installer. Other versions may also be affected.

The issue is marked as "less critical" and can be avoided easily by only allowing trusted users the correct permissions to execute PHP code on the server.

0 comments voice your opinion now!
glob vulnerability execution code bypass security glob vulnerability execution code bypass security

Similar Posts

Evolt.org: Quick Calendar Using AJAX and PHP

Zend Developer Zone: Upcoming Zend Webinars

Secunia.com: Ubuntu update for PHP

Secunis.com: Travelsized CMS index.php Cross-Site Scripting Vulnerabilities

ThinPHP Blog: Understanding successful tracing of security vulnerabilities

Community Events

Don't see your event here?
Let us know!

All content copyright, 2008 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework