Computer Security

PHP safe_mode protection bypass
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



PHP safe_mode protection bypass
Published:23.06.2008
Source:FULL-DISCLOSURE
SecurityVulns ID:9106
Type:local
Level:5/10
Description:Protection bypass with posix_access(), chdir(), ftok() functions.
Affected:PHP : PHP 5.2
CVE:CVE-2008-2666 (Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function.)
 CVE-2008-2665 (Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after the safe_mode check has successfully run.)
Original documentdocumentMaksymilian Arciemowicz, [Full-disclosure] PHP 5.2.6 posix_access() (posix ext) safe_mode bypass (23.06.2008)
 documentMaksymilian Arciemowicz, [Full-disclosure] PHP 5.2.6 chdir(), ftok() (standard ext) safe_mode bypass (23.06.2008)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server