
Bug #9162 Insecure usage of var "phpdns_basedir" (if register_globals is on)
Submitted: 2006-10-25 17:45 UTC
From: neufeind Assigned: bate
Status: Closed Package: Net_DNS (version CVS)
PHP Version: Irrelevant OS:
Roadmaps: (Not assigned)    
 [2006-10-25 17:45 UTC] neufeind (Stefan Neufeind)
Description:
------------
As per Secunia-advisory at http://secunia.com/advisories/22522/ there exists a (theoretical?) vulnerability in Net_DNS, even in the latest version (CVS). The variable is set in the main library-file Net/DNS.php to "Net_". But if it is somehow possible for an attacker to access RR.php directly, and in case register_globals is on, this can lead to arbitrary file inclusion (since $phpdns_basedir is used in require_once-statements).

Expected result:
----------------
No inclusion of arbitrary files :-)

Actual result:
--------------
Inclusion possible under certain (special) conditions.

Comments

 [2006-10-25 17:46 UTC] neufeind at php dot net (Stefan Neufeind)
Would it be fine to "hardcode" Net_ instead of using $phpdns_basedir? I think that's done this way in most other packages as well.
 [2006-10-25 17:53 UTC] bate (Marco Kaiser)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.
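An added example, not part of the bug report or the Net_DNS code: a small audit check that flags PHP files whose include/require path uses a variable the file itself never assigns, which is the pattern described above for RR.php and `$phpdns_basedir`. The function names and the PHP samples are constructed for illustration, and the matching is a regex heuristic rather than a PHP parser.

```python
import re

# include/require statement, capturing the path expression up to the ';'
INCLUDE_RE = re.compile(r'\b(?:include|require)(?:_once)?\b(.*?);', re.S)
VAR_RE = re.compile(r'\$([A-Za-z_]\w*)')

def assigned_before(src, var, end):
    """True if $var receives a plain assignment in src before offset end."""
    pat = re.compile(r'\$' + re.escape(var) + r'\b\s*=(?!=)')
    return pat.search(src, 0, end) is not None

def find_unsafe_includes(src):
    """Return (line_no, variable) for every include whose path uses a
    variable not assigned earlier in the same file. Such a file depends on
    its caller to set the variable; requested directly with
    register_globals on, the request can supply it instead."""
    findings = []
    for m in INCLUDE_RE.finditer(src):
        line_no = src.count("\n", 0, m.start()) + 1
        for var in VAR_RE.findall(m.group(1)):
            if not assigned_before(src, var, m.start()):
                findings.append((line_no, var))
    return findings

# Constructed samples; file names are placeholders, not the Net_DNS source.
LIBRARY_FILE = """<?php
class Example_RR {}
require_once $phpdns_basedir . 'DNS/RR/EXAMPLE_A.php';
require_once $phpdns_basedir . 'DNS/RR/EXAMPLE_B.php';
"""
# The entry file sets the prefix itself before using it.
MAIN_FILE = """<?php
$phpdns_basedir = 'Net_';
require_once $phpdns_basedir . 'DNS/EXAMPLE.php';
"""
# The fix proposed in the comments: hardcode the prefix.
HARDCODED_FILE = """<?php
require_once 'Net_' . 'DNS/RR/EXAMPLE_A.php';
"""

if __name__ == "__main__":
    for name, src in [("library", LIBRARY_FILE), ("main", MAIN_FILE),
                      ("hardcoded", HARDCODED_FILE)]:
        print(name, find_unsafe_includes(src))
```
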