Launchpad.net

CVE 2008-7068

The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file.

Related bugs and status

CVE-2008-7068 (Candidate) is related to these bugs:

Bug #239513: [SRU] stack smashing detected when calling xmlrpc_set_type

		In	Importance	Status
239513	[SRU] stack smashing detected when calling xmlrpc_set_type	php5 (Ubuntu)	Undecided	Fix Released
239513	[SRU] stack smashing detected when calling xmlrpc_set_type	php	Unknown	Unknown
239513	[SRU] stack smashing detected when calling xmlrpc_set_type	php5 (Ubuntu Hardy)	Undecided	Fix Released
239513	[SRU] stack smashing detected when calling xmlrpc_set_type	php5 (Ubuntu Intrepid)	Undecided	Fix Released
239513	[SRU] stack smashing detected when calling xmlrpc_set_type	php5 (Ubuntu Jaunty)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-7068

Related bugs and status

Related bugs

References