[php-maint] Bug#323585: Fwd: Re: CVE request: PHP4 open_basedir circumvention

Martin Pitt martin.pitt at ubuntu.com
Tue Sep 27 05:24:21 UTC 2005


I requested a CVE number for this:

Candidate: CAN-2005-3054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3054

fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not
properly restrict access to other directories when the open_basedir
directive includes a trailing slash, which allows PHP scripts in one
directory to access files in other directories whose names are
substrings of the original directory.

Martin Pitt              http://www.piware.de
Ubuntu Developer   http://www.ubuntulinux.org
Debian Developer        http://www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20050927/e9868eba/attachment.pgp

More information about the pkg-php-maint mailing list