PHP contains a flaw that may allow malicious users to bypass security restrictions. The issue is due to file.c not properly sanitizing user-supplied input. This may allow an attacker to bypass the open_basedir restriction, traverse the file system and access arbitrary files. Additionally, a remote attacker may be able to create files in arbitrary directories via the tempnam() function.

Upgrade to version 4.4.3, 5.1.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1015881
• Secunia Advisory ID: 19599 19775 19979 21031 21125 21135 21202 21252 21328 21723 22225
• CVE ID: 2006-1494 (see also: NVD)
• SCIP VulDB ID: 2422
• Related OSVDB ID: 24484 24485 24487
• Keyword: cXIb8O3
• Vendor Specific Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U.asc http://lists.suse.com/archive/suse-security-announce/2006-May/0002.html
  http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-12/0289.html
  http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0171.html
• Other Advisory URL: http://securityreason.com/achievement_securityalert/36
  http://www.ubuntu.com/usn/usn-320-1
  http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:074
  https://issues.rpath.com/browse/RPL-683
• Vendor Specific News/Changelog Entry: http://us.php.net/releases/5_1_3.php
  http://www.php.net/release_4_4_3.php
• Vendor URL: http://www.php.net/
• RedHat RHSA: RHSA-2006:0549 RHSA-2006:0567 RHSA-2006:0568

• Maksymilian Arciemowicz - maxjestsuper.pl - securityreason.com