MGASA-2014-0434
- Source
- https://advisories.mageia.org/MGASA-2014-0434.html
- Import Source
- https://advisories.mageia.org/MGASA-2014-0434.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2014-0434
- Upstream
- Published
- 2014-10-29T11:30:40Z
- Modified
- 2026-04-16T06:26:03.326308500Z
- Summary
- Updated php-ZendFramework packages fix security vulnerabilities
- Details
-
Due to a bug in PHP's LDAP extension, when ZendFramework's Zend_ldap class is used for logins, an attacker can login as any user by using a null byte to bypass the empty password check and perform an unauthenticated LDAP bind (CVE-2014-8088).
The sqlsrv PHP extension, which provides the ability to connect to Microsoft SQL Server from PHP, does not provide a built-in quoting mechanism for manually quoting values to pass via SQL queries; developers are encouraged to use prepared statements. Zend Framework provides quoting mechanisms via ZendDbAdapter_Sqlsrv which uses the recommended "double single quote" ('') as quoting delimiters. SQL Server treats null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection (CVE-2014-8089).
- References
-
- https://advisories.mageia.org/MGASA-2014-0434.html
- https://bugs.mageia.org/show_bug.cgi?id=14253
- http://framework.zend.com/security/advisory/ZF2014-05
- http://framework.zend.com/security/advisory/ZF2014-06
- http://framework.zend.com/blog/zend-framework-1-12-9-2-2-8-and-2-3-3-released.html
- https://lists.fedoraproject.org/pipermail/package-announce/2014-October/141106.html
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:3 / php-ZendFramework
Package
- Name
- php-ZendFramework
- Purl
- pkg:rpm/mageia/php-ZendFramework?arch=source&distro=mageia-3
Mageia:4 / php-ZendFramework
Package
- Name
- php-ZendFramework
- Purl
- pkg:rpm/mageia/php-ZendFramework?arch=source&distro=mageia-4