OSVDB ID: 12412

Title: PHP Multithreaded safe_mode_exec_dir Restriction Bypass

Info

Disclosure
Dec 15, 2004

Discovery
Unknown

Dates

Exploit
Unknown

Solution
Unknown

Description

 PHP contains a flaw related to the safe_mode functionality that may allow a local attacker to execute arbitrary commands. The issue is due to PHP prepending the current directory to the constructed path for any command executed on a multithreaded web server. With the additional path, an attacker can bypass the safe_mode_exec_dir restriction and inject shell commands into the current directory name.

Classification

 Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Rumored
Disclosure: OSVDB Verified, Vendor Verified

Solution

 Upgrade to version 4.3.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

The PHP Group

PHP

 5.0.0 Beta 1
5.0.0 Beta 2
5.0.0 Beta 3
5.0.0 Beta 4
5.0.0 Release Candidate 1
5.0.0 Release Candidate 2
5.0.0 Release Candidate 3
5.0.0
5.0.1
5.0.2
4.0.x
4.1.x
4.2.x
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.3.9

References

Credit

Unknown or Incomplete


Direct URL: http://osvdb.org/12412