CVE		CVE-2009-3558
Status		Candidate
Description		The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.
Severity		Medium
CVSS score		6,8
CVSS vector		(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Phase		Assigned (01.04.2010)
NVD:		http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3558
References		APPLE : APPLE-SA-2010-03-29-1
		CONFIRM : http://support.apple.com/kb/HT4077
		CONFIRM : http://svn.php.net/viewvc/php/php-src/branches/PHP...
		CONFIRM : http://svn.php.net/viewvc/php/php-src/branches/PHP...
		CONFIRM : http://svn.php.net/viewvc?view=revision&revisi...
		CONFIRM : http://www.php.net/ChangeLog-5.php
		CONFIRM : http://www.php.net/releases/5_2_12.php
		CONFIRM : http://www.php.net/releases/5_3_1.php
		MANDRIVA : MDVSA-2009:285
		MANDRIVA : MDVSA-2009:302
		MANDRIVA : MDVSA-2009:303
		MLIST : [oss-security] 20091120 CVE request: php 5.3.1 update
		MLIST : [oss-security] 20091120 Re: CVE request: php 5.3.1 update
		MLIST : [oss-security] 20091120 Re: CVE request: php 5.3.1 update
		MLIST : [php-announce] 20091119 5.3.1 Release announcement
		SECUNIA : 37412
		SECUNIA : 37821
		SREASON : 6600
		VUPEN : ADV-2009-3593
SecurityVulns:		PHP multiple security vulnerabilities
		PHP multiple security vulnerabilities