CVE-2009-3557 - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

CVE CVE-2009-3557
Status Candidate
Description The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments.
Severity Medium
CVSS score 5
CVSS vector (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Phase Assigned (18.07.2011)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3557
References APPLE : APPLE-SA-2010-03-29-1
CONFIRM : http://support.apple.com/kb/HT4077
CONFIRM : http://svn.php.net/viewvc/php/php-src/branches/PHP...
CONFIRM : http://svn.php.net/viewvc/php/php-src/branches/PHP...
CONFIRM : http://svn.php.net/viewvc?view=revision&revisi...
CONFIRM : http://www.php.net/ChangeLog-5.php
CONFIRM : http://www.php.net/releases/5_2_12.php
CONFIRM : http://www.php.net/releases/5_3_1.php
HP : HPSBUX02543
HP : SSRT100152
MANDRIVA : MDVSA-2009:285
MANDRIVA : MDVSA-2009:302
MANDRIVA : MDVSA-2009:303
MLIST : [oss-security] 20091120 CVE request: php 5.3.1 update
MLIST : [oss-security] 20091120 Re: CVE request: php 5.3.1 update
MLIST : [oss-security] 20091120 Re: CVE request: php 5.3.1 update
MLIST : [php-announce] 20091119 5.3.1 Release announcement
SECUNIA : 37412
SECUNIA : 37821
SECUNIA : 40262
SREASON : 6601
VUPEN : ADV-2009-3593
SecurityVulns: PHP multiple security vulnerabilities
PHP multiple security vulnerabilities

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server