misc/71475: ACID (snort DB) detects versions incorrectly for PHP >
v5.x
David A. Koran
dak at solo.net
Tue Sep 7 14:30:17 PDT 2004
>Number: 71475
>Category: misc
>Synopsis: ACID (snort DB) detects versions incorrectly for PHP > v5.x
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Sep 07 21:30:17 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: David A. Koran
>Release: FreeBSD 4.10-STABLE #6: Sun Aug 29 12:49:29 EDT 2004
>Organization:
SoundtrackNet, LLC
>Environment:
FreeBSD 4.10-STABLE #6: Sun Aug 29 12:49:29 EDT 2004
>Description:
in "acid_db_common.php" the detection routines for PHP versions are incorrect and need to revised.
----[section of code in question]----
function verify_php_build($DBtype)
/* Checks whether the necessary libraries is built into PHP */
{
/* Check PHP version >= 4.0.4 */
$current_php_version = phpversion();
$version = explode(".", $current_php_version);
/* account for x.x.xXX subversions possibly having text like 4.0.4pl1 */
if ( is_numeric(substr($version[2], 1, 1)) )
$version[2] = substr($version[2], 0, 2);
else
$version[2] = substr($version[2], 0, 1);
/* only version PHP 4.0.4+ or 4.1+.* are valid */
if ( !( ($version[0] >= 4) && ( ( ($version[1] == 0) && ($version[2] >= 4) ) ||
($version[1] > 0) ) ) )
{
return "<FONT COLOR=\"#FF0000\">PHP ERROR</FONT>: ".
"<B>Incompatible version</B>: <FONT>Version ".$current_php_version.
" of PHP is too old. Please upgrade to version 4.0.4 or later</FONT>";
}
>How-To-Repeat:
Try to configure ACID with a stock install of PHP5 on Apache 1.3
>Fix:
I belive the problem lies within this comparison operator:
if ( !( ($version[0] >= 4) && ( ( ($version[1] == 0) && ($version[2] >= 4) ) ||
($version[1] > 0) ) ) )
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list