CVE-2008-1734

Published: Apr 18, 2008Modified: Apr 23, 2026

3.6

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:P

Exploitability: 3.9 / Impact: 4.9

Source: NVD

Description

Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.

Affected (3)

Products: Gentoo: Php Toolkit

1 product

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gentoo Php Toolkit	Up to 1.0
Gentoo Php Toolkit	Version 1.0
Gentoo Php Toolkit	Version 1.0 rc2

Running on/with	Platform Versions
Gentoo Linux	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

http://bugs.gentoo.org/show_bug.cgi?id=209535

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200804-19.xml

Source: cve@mitre.org

http://www.securityfocus.com/bid/28844

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/41928

Source: cve@mitre.org

http://bugs.gentoo.org/show_bug.cgi?id=209535

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200804-19.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/28844

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/41928

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.