Launchpad.net

CVE 2008-1066

The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string.

Related bugs and status

CVE-2008-1066 (Candidate) is related to these bugs:

Bug #202422: CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates

		In	Importance	Status
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	smarty (Ubuntu)	Medium	Fix Released
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	smarty (Debian)	Unknown	Fix Released
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	smarty (Ubuntu Dapper)	Medium	Fix Released
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	smarty (Ubuntu Edgy)	Medium	Fix Released
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	smarty (Ubuntu Feisty)	Medium	Fix Released
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	smarty (Ubuntu Gutsy)	Medium	Fix Released
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	smarty (Ubuntu Hardy)	Medium	Fix Released
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	gallery2 (Ubuntu)	Undecided	Fix Released
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	gallery2 (Ubuntu Dapper)	Undecided	Won't Fix
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	gallery2 (Ubuntu Edgy)	Undecided	Won't Fix
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	gallery2 (Ubuntu Feisty)	Undecided	Won't Fix
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	gallery2 (Ubuntu Gutsy)	Undecided	Won't Fix
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	gallery2 (Ubuntu Hardy)	Undecided	Fix Released
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	gallery2 (Debian)	Unknown	Fix Released

Bug #203457: [smarty] [CVE-2008-1066] arbitrary code execution

Summary				In	Importance	Status
	203457	[smarty] [CVE-2008-1066] arbitrary code execution		smarty (Ubuntu)	Undecided	New
	203457	[smarty] [CVE-2008-1066] arbitrary code execution		smarty (Debian)	Unknown	Fix Released

Bug #226864: Please merge smarty 2.6.19-1 (universe) from Debian unstable

Summary				In	Importance	Status
	226864	Please merge smarty 2.6.19-1 (universe) from Debian unstable		smarty (Ubuntu)	Wishlist	Fix Released

Bug #242671: CVE-2008-272[0-4]: Lots of varied vulnerabilities

		In	Importance	Status
242671	CVE-2008-272[0-4]: Lots of varied vulnerabilities	gallery2 (Ubuntu)	Undecided	Fix Released
242671	CVE-2008-272[0-4]: Lots of varied vulnerabilities	gallery2 (Ubuntu Hardy)	High	Fix Released
242671	CVE-2008-272[0-4]: Lots of varied vulnerabilities	gallery2 (Ubuntu Intrepid)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://blog.s9y.org/ar...
CONFIRM: http://www.phpinsider....
CONFIRM: http://www.smarty.net/...
BID: 28105
SECUNIA: 29241
DEBIAN: DSA-1520
SECUNIA: 29405
SECUNIA: 29398
FEDORA: FEDORA-2008-2656
SUSE: SUSE-SR:2008:007
SECUNIA: 29562
SECUNIA: 29392
FEDORA: FEDORA-2008-2587
FEDORA: FEDORA-2008-2650
SECUNIA: 29839
GENTOO: GLSA-201111-04
XF: smarty-modifierregexre...