Computer Security

CVE-2009-3559
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



CVECVE-2009-3559
StatusCandidate
Description** DISPUTED **  main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory.  NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy.
SeverityHigh
CVSS score7,5
CVSS vector(AV:N/AC:L/Au:N/C:P/I:P/A:P)
PhaseAssigned (01.04.2010)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3559
ReferencesAPPLE : APPLE-SA-2010-03-29-1
 CONFIRM : http://support.apple.com/kb/HT4077
 CONFIRM : http://www.php.net/ChangeLog-5.php
 CONFIRM : http://www.php.net/releases/5_3_1.php
 MANDRIVA : MDVSA-2009:302
 MISC : http://bugs.php.net/bug.php?id=50063
 MLIST : [oss-security] 20091120 CVE request: php 5.3.1 update
 MLIST : [oss-security] 20091120 Re: CVE request: php 5.3.1 update
 MLIST : [oss-security] 20091120 Re: CVE request: php 5.3.1 update
 MLIST : [php-announce] 20091119 5.3.1 Release announcement
SecurityVulns:PHP multiple security vulnerabilities
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server