Gentoo: GLSA-201111-04: phpDocumentor: Function call injection
Summary
phpDocumentor bundles Smarty with the modifier.regex_replace.php plug-in which does not properly sanitize input related to the ASCII NUL character in a search string.
Resolution
All phpDocumentor users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-php/PEAR-PhpDocumentor-1.4.3-r1"
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since February 12, 2011. It is likely that your system is
already no longer affected by this issue.
References
[ 1 ] CVE-2008-1066 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1066
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201111-04
Concerns
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
Synopsis
phpDocumentor bundles Smarty which contains an input sanitation flaw, allowing attackers to call arbitrary PHP functions.
Background
The phpDocumentor package provides automatic documenting of PHP API directly from the source.
Affected Packages
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-php/PEAR-PhpDocumentor < 1.4.3-r1 >= 1.4.3-r1
Impact
===== A remote attacker could call arbitrary PHP functions via templates.
Workaround
There is no known workaround at this time.