CVE-2008-1734

Severity Score

3.6

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.

Conflicto de interpretación en PHP Toolkit antes de 1.0.1 en Gentoo Linux podría permitir a usuarios locales provocar una denegación de servicio (Parada PHP) y leer contenidos de secuencias de comandos PHP creando un archivo con un nombre de una letra del alfabeto en minúsculas, lo que dispara la interpretación de cierto argumento [a-z] no entrecomillado como un intérprete de comandos glob coincidente para este nombre, mejor que una interpretación como la cadena de expresión regular [a-z] literal y consecuentemente bloquea el lanzamiento del intérprete PHP del Servidor Apache HTTP.

*Credits: N/A

CVSS Scores

NISTv2 3.6

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-04-11 CVE Reserved
2008-04-18 CVE Published
2023-03-08 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (4)

URL	Tag	Source
http://bugs.gentoo.org/show_bug.cgi?id=209535	X_refsource_misc
http://www.securityfocus.com/bid/28844	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/41928	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://security.gentoo.org/glsa/glsa-200804-19.xml	2017-08-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gentoo Search vendor "Gentoo"	Php Toolkit Search vendor "Gentoo" for product "Php Toolkit"	<= 1.0 Search vendor "Gentoo" for product "Php Toolkit" and version " <= 1.0"	rc1	Affected	in	Gentoo Search vendor "Gentoo"	Linux Search vendor "Gentoo" for product "Linux"	*	-	Safe
Gentoo Search vendor "Gentoo"	Php Toolkit Search vendor "Gentoo" for product "Php Toolkit"	1.0 Search vendor "Gentoo" for product "Php Toolkit" and version "1.0"	-	Affected	in	Gentoo Search vendor "Gentoo"	Linux Search vendor "Gentoo" for product "Linux"	*	-	Safe
Gentoo Search vendor "Gentoo"	Php Toolkit Search vendor "Gentoo" for product "Php Toolkit"	1.0 Search vendor "Gentoo" for product "Php Toolkit" and version "1.0"	rc2	Affected	in	Gentoo Search vendor "Gentoo"	Linux Search vendor "Gentoo" for product "Linux"	*	-	Safe