Description
Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28844
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41928
Issue Tracking x_refsource_misc
http://bugs.gentoo.org/show_bug.cgi?id=209535
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200804-19.xml
Scores
EPSS
0.0006
EPSS Percentile
18.1%
Details
CWE
CWE-20
Status
published
Products (2)
gentoo/php_toolkit
1.0 (2 CPE variants)
gentoo/php_toolkit
< 1.0
Published
Apr 18, 2008
Tracked Since
Feb 18, 2026