12412 : PHP Multithreaded safe_mode_exec_dir Restriction Bypass
Printer | http://osvdb.org/12412 | Email This | Edit Vulnerability

Views This Week

Views All Time

309

Info

Last Modified

about 1 year ago

Percent Complete

90%

Disclosure

Dec 15, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Keywords

SCOSA-2005.49

Description

PHP contains a flaw related to the safe_mode functionality that may allow a local attacker to execute arbitrary commands. The issue is due to PHP prepending the current directory to the constructed path for any command executed on a multithreaded web server. With the additional path, an attacker can bypass the safe_mode_exec_dir restriction and inject shell commands into the current directory name.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Rumored / Private
Disclosure: OSVDB Verified

Solution

Upgrade to version 4.3.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

The PHP Group	PHP	5.0.0 Beta 1
		5.0.0 Beta 2
		5.0.0 Beta 3
		5.0.0 Beta 4
		5.0.0 Release Candidate 1
		5.0.0 Release Candidate 2
		5.0.0 Release Candidate 3
		5.0.0
		5.0.1
		5.0.2
		4.0.x
		4.1.x
		4.2.x
		4.3.0
		4.3.1
		4.3.2
		4.3.3
		4.3.4
		4.3.5
		4.3.6
		4.3.7
		4.3.8
		4.3.9

References

Related OSVDB ID: 12410 12411 12413 12414 12415
Secunia Advisory ID: 13481 13562 13568 13944 14653 16322 17645
CVE ID: 2004-1063 (see also: NVD)
Vendor Specific Advisory URL: ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://docs.info.apple.com/article.html?artnum=300770
http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA01212
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0173.html
http://archives.neohapsis.com/archives/bugtraq/2005-08/0146.html
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml
http://www.hardened-php.net/advisories/012004.txt
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:151
http://www.ubuntulinux.org/support/documentation/usn/usn-66-1
http://www.ubuntulinux.org/support/documentation/usn/usn-99-1
Vendor URL: http://www.php.net/
Vendor Specific News/Changelog Entry: http://www.php.net/release_4_3_10.php
Keyword: SCOSA-2005.49 SSRT5998

Tools & Filters

Nessus	16251 18091 20725

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Keywords

Description

Classification

Solution

Products

The PHP Group

PHP

References

Tools & Filters

Credit

Blogs

Comments