Multiple security vulnerabilities in PHP
updated since November 24, 2009
Published: December 4, 2009
Source:
SecurityVulns ID: 10417
Type: local
Severity level: 5/10
Description: Escape from the safe_mode restricted environment via various functions.
Affected products: PHP : PHP 5.3
CVE: CVE-2009-3559 (** DISPUTED ** main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy.)
 CVE-2009-3558 (The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.)
 CVE-2009-3557 (The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments.)
Original text: Maksymilian Arciemowicz, PHP 5.3.1 open_basedir bypass (04.12.2009)
 MANDRIVA, [ MDVSA-2009:302 ] php (24.11.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod