CVE-2009-3558

2009-11-23T17:30:00
ID CVE-2009-3558
Type cve
Reporter cve@mitre.org
Modified 2018-10-30T16:26:00

Description

The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file. Access Complexity selected medium according to the information from X-force link regarding enabling "open_basedir" option.

http://xforce.iss.net/xforce/xfdb/53568