[php-maint] Bug#354685: PHP4 in Sarge may be vulnerable to
nickpj at gmail.com
Tue Feb 28 04:30:46 UTC 2006
An issue with trailing slashes in allowed basedirs.
fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly
restrict access to other directories when the open_basedir directive includes
a trailing slash, which allows PHP scripts in one directory to access files in
other directories whose names are substrings of the original directory.
Vulnerable PHP versions:
PHP 4.3.10 appears vulnerable according to advisories on
More information about the pkg-php-maint