CVE-2008-1734 - OpenCVE

Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gentoo	Linux Php Toolkit

Configuration 1 [-]

AND

cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:gentoo:php_toolkit::rc1::::::*
	cpe:2.3:a:gentoo:php_toolkit:1.0:::::::*
	cpe:2.3:a:gentoo:php_toolkit:1.0:rc2::::::

No data.

References

Link	Providers
http://bugs.gentoo.org/show_bug.cgi?id=209535
http://security.gentoo.org/glsa/glsa-200804-19.xml
http://www.securityfocus.com/bid/28844
https://exchange.xforce.ibmcloud.com/vulnerabilities/41928

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-04-18T15:00:00

Updated: 2024-08-07T08:32:01.265Z

Reserved: 2008-04-11T00:00:00

Link: CVE-2008-1734

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-04-18T15:05:00.000

Modified: 2017-08-08T01:30:24.620

Link: CVE-2008-1734

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-04-17T00:00:00", "descriptions": [{"lang": "en", "value": "Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "28844", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28844"}, {"name": "phptoolkit-phpselect-dos(41928)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41928"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=209535"}, {"name": "GLSA-200804-19", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200804-19.xml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1734", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "28844", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28844"}, {"name": "phptoolkit-phpselect-dos(41928)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41928"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?id=209535", "refsource": "MISC", "url": "http://bugs.gentoo.org/show_bug.cgi?id=209535"}, {"name": "GLSA-200804-19", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-19.xml"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:32:01.265Z"}, "title": "CVE Program Container", "references": [{"name": "28844", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28844"}, {"name": "phptoolkit-phpselect-dos(41928)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41928"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=209535"}, {"name": "GLSA-200804-19", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200804-19.xml"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1734", "datePublished": "2008-04-18T15:00:00", "dateReserved": "2008-04-11T00:00:00", "dateUpdated": "2024-08-07T08:32:01.265Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:gentoo:php_toolkit:*:rc1:*:*:*:*:*:*", "matchCriteriaId": "509DE99A-4F75-4BB6-85C4-3244F08252B2", "versionEndIncluding": "1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:php_toolkit:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0799813F-9774-4C07-A2EB-FF1D5D3C8763", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:php_toolkit:1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E3245C5A-35B3-46E1-8307-3390C0AFEBA0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server."}, {"lang": "es", "value": "Conflicto de interpretaci\u00f3n en PHP Toolkit antes de 1.0.1 en Gentoo Linux podr\u00eda permitir a usuarios locales provocar una denegaci\u00f3n de servicio (Parada PHP) y leer contenidos de secuencias de comandos PHP creando un archivo con un nombre de una letra del alfabeto en min\u00fasculas, lo que dispara la interpretaci\u00f3n de cierto argumento [a-z] no entrecomillado como un int\u00e9rprete de comandos glob coincidente para este nombre, mejor que una interpretaci\u00f3n como la cadena de expresi\u00f3n regular [a-z] literal y consecuentemente bloquea el lanzamiento del int\u00e9rprete PHP del Servidor Apache HTTP."}], "id": "CVE-2008-1734", "lastModified": "2017-08-08T01:30:24.620", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-04-18T15:05:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=209535"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200804-19.xml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28844"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41928"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}