PEAR::MDB2 BLOB Field Information Disclosure Vulnerability
BID:26382
Info
PEAR::MDB2 BLOB Field Information Disclosure Vulnerability
| Bugtraq ID: | 26382 |
| Class: | Design Error |
| CVE: |
CVE-2007-5934 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 08 2007 12:00AM |
| Updated: | Dec 18 2007 08:06PM |
| Credit: | Priyadi reported this issue to the vendor. |
| Vulnerable: |
Redhat Fedora 7 PEAR PEAR::MDB2 2.5 a1 Gentoo Linux |
| Not Vulnerable: | |
Discussion
PEAR::MDB2 BLOB Field Information Disclosure Vulnerability
PEAR::MDB2 is prone to an information-disclosure vulnerability because the library fails to securely handle URIs in BLOB and CLOB database fields.
Successfully exploiting this issue allows attackers to access potentially sensitive information that may aid in further attacks. Because of the unknown nature of applications that use the affected library, other attacks may also be possible.
MDB2 2.5.0a1 is vulnerable to this issue; other versions may also be affected.
PEAR::MDB2 is prone to an information-disclosure vulnerability because the library fails to securely handle URIs in BLOB and CLOB database fields.
Successfully exploiting this issue allows attackers to access potentially sensitive information that may aid in further attacks. Because of the unknown nature of applications that use the affected library, other attacks may also be possible.
MDB2 2.5.0a1 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
Solution / Fix
PEAR::MDB2 BLOB Field Information Disclosure Vulnerability
Solution:
The vendor has committed fixes to its CVS repository. Contact the vendor for information on obtaining and applying fixes.
Solution:
The vendor has committed fixes to its CVS repository. Contact the vendor for information on obtaining and applying fixes.
References
PEAR::MDB2 BLOB Field Information Disclosure Vulnerability
References:
References: